Compare commits

..

521 Commits

Author SHA1 Message Date
Jérémy Lecour 2a856d579e
Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2712|0|2712|0|:zzz: Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
2024-03-01 09:06:08 +01:00
Jérémy Lecour beea53aa64
Merge branch 'stable' into unstable 2024-03-01 09:04:25 +01:00
Jérémy Lecour 342380876a
Release 24.03 2024-03-01 09:00:49 +01:00
Jérémy Lecour 24cbbf2f54
fix CHANGELOG 2024-03-01 08:55:07 +01:00
Jérémy Lecour 56237bb3c6
evolinux-base: execute autosysadmin-agent and autosysadmin-restart_nrpe roles
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2711|9|2702|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/13//ansiblelint">Evolix » ansible-roles » unstable #13</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-03-01 08:35:16 +01:00
Jérémy Lecour abd329b9c1
autosysadmin-restart_nrpe: add role 2024-03-01 08:32:47 +01:00
Jérémy Lecour 037ec9d376
autosysadmin-agent: upstream release 24.03 2024-03-01 08:26:43 +01:00
Jérémy Lecour c333970606
autosysadmin-agent: rename /usr/share/scripts/autosysadmin/{auto,restart} 2024-02-29 19:16:18 +01:00
Jérémy Lecour 10b507adc4
autosysadmin-agent: logs clearing is done weekly
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2708|6|2702|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/12//ansiblelint">Evolix » ansible-roles » unstable #12</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-29 18:50:14 +01:00
Jérémy Lecour b2e22413bc
autosysadmin-agent: upstream release 24.02.3
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2706|22|2684|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/11//ansiblelint">Evolix » ansible-roles » unstable #11</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-28 15:40:39 +01:00
William Hirigoyen bec868009c nagios: add option --full to check pressure IO and mem to avoid flaps
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2689|6|2683|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/10//ansiblelint">Evolix » ansible-roles » unstable #10</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-27 10:33:49 +01:00
David Prevot aea710cb25 redis: Update munin plugin
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2689|4|2685|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/9//ansiblelint">Evolix » ansible-roles » unstable #9</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-22 09:44:50 +01:00
Ludovic Poujol b0ba70f06c
certbot: Renewal hook for NRPE
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2688|4|2684|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/8//ansiblelint">Evolix » ansible-roles » unstable #8</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-21 12:27:18 +01:00
Jérémy Dubois 0a4a220bdf openvpn: earlier alert for CA expiration
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2690|4|2686|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/7//ansiblelint">Evolix » ansible-roles » unstable #7</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-21 10:51:08 +01:00
Jérémy Lecour 282dcb28f4
apt: add comments to deb822 migration scripts
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2689|4|2685|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/6//ansiblelint">Evolix » ansible-roles » unstable #6</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-20 18:50:39 +01:00
Alexis Ben Miloud--Josselin a0fc763a0c certbot: Utiliser pkey pour tester clé
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2688|3|2685|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/5//ansiblelint">Evolix » ansible-roles » unstable #5</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-20 16:12:26 +01:00
David Prevot a56e8c27ee lxc-php, php: Update sury PGP key
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2688|4|2684|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/4//ansiblelint">Evolix » ansible-roles » unstable #4</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-20 13:57:17 +01:00
Jérémy Lecour 56db6e1fbc
apt: add ftp.evolix.org as recognized system source
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2689|0|2689|0|:zzz: Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-20 09:49:41 +01:00
Jérémy Lecour 015cac688e
redis: create sysfs config file if missing 2024-02-20 09:48:58 +01:00
Jérémy Lecour c12c581f63
update CHANGELOG
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2024-02-12 19:07:20 +01:00
Alexis Ben Miloud--Josselin 7c2fd5e394
kvm-host: Add firewall rule for DRBD
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2024-02-12 18:52:29 +01:00
Jérémy Lecour 9402458304
Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
gitea/ansible-roles/pipeline/tag There was a failure building this commit Details
2024-02-08 11:08:47 +01:00
Jérémy Lecour cf0fab1e22
Release 24.02.1 2024-02-08 11:08:28 +01:00
Jérémy Lecour 13284645de
fail2ban: fix Ansible syntax
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2024-02-08 11:03:14 +01:00
Jérémy Lecour 2f96151c70
Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
gitea/ansible-roles/pipeline/tag There was a failure building this commit Details
2024-02-08 09:48:29 +01:00
Jérémy Lecour d4fcc6f8f4
Release 24.02 2024-02-08 09:27:08 +01:00
Jérémy Lecour eb3aac9d3e
update CHANGELOG 2024-02-08 08:33:49 +01:00
Jérémy Lecour 2e9b6c0680
amavis/ldap: make ldap_suffix mandatory 2024-02-07 16:15:32 +01:00
Jérémy Lecour 0b859fd1a4
dovecot: add variables for LDAP 2024-02-07 16:14:29 +01:00
Jérémy Lecour fe5a61289b
whitespaces 2024-02-07 16:12:32 +01:00
Jérémy Lecour ae665ea178
spamassassin: optimize tasks 2024-02-07 16:01:37 +01:00
Jérémy Lecour d401778024
remount-usr: back to a simpler implementation 2024-02-07 15:43:23 +01:00
Jérémy Lecour 4fb49dd6c9
nginx: clarify intent regarding check mode 2024-02-07 15:39:05 +01:00
Jérémy Lecour ef2e65287e
YAML header 2024-02-07 15:38:29 +01:00
Jérémy Lecour 8af6cdc4d6
apache: create ip_whitelist file if missing 2024-02-07 15:38:28 +01:00
William Hirigoyen 3bb29aa6ba proftpd: fix error when no SSH key is provided 2024-02-07 11:32:41 +01:00
Jérémy Lecour 47d7141a66
evoadmin-mail: apt modules already knows how to download packages 2024-02-06 13:59:28 +01:00
Jérémy Lecour 75650032d4
postfix: default to evolinux_fqdn 2024-02-06 13:33:15 +01:00
Eric Morino 5df27a4bc5 Add variables for generate "ldap_suffix" in amavis role. 2024-02-06 10:29:52 +01:00
Jérémy Lecour 2768b3146f
nginx: simpler regex for settings 2024-02-06 08:46:20 +01:00
Jérémy Lecour 8f86584605
nginx: different way of dealing with check-mode 2024-02-06 08:44:48 +01:00
Jérémy Lecour ba827b79d9
sort CHANGELOG 2024-02-06 08:41:58 +01:00
Jérémy Lecour 12993a8d7c
vrrpd: configure minifirewall 2024-02-06 08:40:55 +01:00
Jérémy Lecour ff233b65a6
remove check-mode protection for handlers
handlers are not supposed to be executed in check-mode since no change should happen in check-mode.
If there is a corner case we should deal with it at the source, not at the handler level.
2024-02-06 08:39:38 +01:00
Jérémy Lecour 8dd9c64cbc
nagios-nrpe: multi-line list 2024-02-06 08:34:22 +01:00
Jérémy Lecour 112bc2133a
dovecot: combine similar tasks 2024-02-06 08:22:18 +01:00
Jérémy Lecour 63745c2697
apt: remove duplicate extension 2024-02-06 08:21:15 +01:00
William Hirigoyen 1f8738fbda postfix: move postfix installation from evolinux-base to postfix role, plus some refactoring
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2696|33|2663|34|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/467//ansiblelint">Evolix » ansible-roles » unstable #467</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
postfix:
* Move common packages installation in common.yml
* Replace ansible_fqdn by evolinux_fqdn, set postfix_slow_transport_include to false by default (only for packmails and packwebs)
* Remove dependency on evolinux_fqdn var
* Do not overwrite main.cf if it has been modified (except if postfix_force_main_cf)

evolinux-base:
* Move exim4 purge from evolinux-base to postfix role
* Call postfix role call after nagios role (dependency)
2024-02-01 18:00:48 +01:00
William Hirigoyen 554bbaa36f roundcube: set default SMTP port to 25 instead of 587, which failed because of missing SSL conf (local connexion does not need SSL) 2024-02-01 18:00:38 +01:00
William Hirigoyen bc07010aa6 webapps/roundcube & evoadminmail: make roles more idempotent (were failing when played twice) 2024-02-01 18:00:38 +01:00
William Hirigoyen 9f530d78db evolinux-base: addd cert.sh, a small readonly openssl wrapper (testing, not deployed yet) 2024-02-01 18:00:38 +01:00
William Hirigoyen de0a98d693 dovecot: fix missing default mails 2024-02-01 18:00:38 +01:00
Alexis Ben Miloud--Josselin 8741167a80 Revert last commit
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2697|5|2692|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/466//ansiblelint">Evolix » ansible-roles » unstable #466</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-02-01 17:04:30 +01:00
Alexis Ben Miloud--Josselin 4c9e4a30cc userlogrotate: Ensure we use a valid group name
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2697|8|2689|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/465//ansiblelint">Evolix » ansible-roles » unstable #465</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Use user's primary group when user's name is not an existing group.
2024-02-01 11:07:19 +01:00
William Hirigoyen d67e2b122f nagios-nrpe, generateldif: new check_pressure_{cpu,io,mem}
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2696|5|2691|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/464//ansiblelint">Evolix » ansible-roles » unstable #464</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-31 18:04:11 +01:00
William Hirigoyen 393c1f4ff1 add missing LDAP conf iterate_filter to exclude disabled accounts in users list
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2697|5|2692|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/463//ansiblelint">Evolix » ansible-roles » unstable #463</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-29 12:04:38 +01:00
David Prevot e14408cb05 apt: follow up from previous commit
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2696|4|2692|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/462//ansiblelint">Evolix » ansible-roles » unstable #462</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-29 10:07:01 +01:00
David Prevot 1924324c07 apt: No preferences needed for backports
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2698|3|2695|1|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/461//ansiblelint">Evolix » ansible-roles » unstable #461</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-29 09:49:36 +01:00
David Prevot d55b2b14bb evolinux-base: tfix
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2696|5|2691|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/460//ansiblelint">Evolix » ansible-roles » unstable #460</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-29 09:44:57 +01:00
David Prevot b31aa53c81 apt: Improve check mode
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2695|3|2692|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/459//ansiblelint">Evolix » ansible-roles » unstable #459</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-25 13:59:36 +01:00
William Hirigoyen dae2a25f78 check_free_space: add role; evolinux-base: install check_free_space by default
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2697|20|2677|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/458//ansiblelint">Evolix » ansible-roles » unstable #458</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-24 17:25:20 +01:00
William Hirigoyen cce7280cd0 fail2ban: add script unban_ip
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2682|3|2679|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/457//ansiblelint">Evolix » ansible-roles » unstable #457</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-24 15:24:42 +01:00
William Hirigoyen 68d9d3c47c minifirewall: do not open publicly ports except 22222
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2683|3|2680|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/456//ansiblelint">Evolix » ansible-roles » unstable #456</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-24 11:45:28 +01:00
Alexis Ben Miloud--Josselin 251416f3e8 webapps/nextcloud: Set home directory's mode
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2682|4|2678|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/455//ansiblelint">Evolix » ansible-roles » unstable #455</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-23 18:00:54 +01:00
Alexis Ben Miloud--Josselin 9b67202acc webapps/nextcloud: Add condition for archive tasks
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2683|7|2676|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/454//ansiblelint">Evolix » ansible-roles » unstable #454</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-23 16:35:51 +01:00
David Prevot 30bd72614d listupgrade: Fix removal order
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2683|3|2680|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/453//ansiblelint">Evolix » ansible-roles » unstable #453</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-18 10:14:37 +01:00
David Prevot aa2593f34c Revert "listupgrade: No removal (especially of the just installed cron_file) needed"
This reverts commit 09f951de18.
2024-01-18 10:14:37 +01:00
David Prevot bc19912b71 Revert "listupgrade: try and get rid of duplicate entries"
This reverts commit 531b633d99.
2024-01-18 10:14:36 +01:00
Jérémy Lecour 0c17e4d8fc
sort CHANGELOG
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2682|5|2677|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/452//ansiblelint">Evolix » ansible-roles » unstable #452</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-18 10:01:46 +01:00
Jérémy Lecour 51280c586a
redis: manage config template inside a block
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2683|18|2665|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/451//ansiblelint">Evolix » ansible-roles » unstable #451</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This allows to have a coherent block managed by Ansible and extra lines that won't be overwritten.
Eg. : automatically added lines for replication, sentinel groups…
2024-01-18 10:00:44 +01:00
Jérémy Lecour f994e19946
vrrpd: fix typo in switch script 2024-01-18 10:00:43 +01:00
David Prevot 531b633d99 listupgrade: try and get rid of duplicate entries
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2672|7|2665|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/450//ansiblelint">Evolix » ansible-roles » unstable #450</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-17 17:07:20 +01:00
David Prevot bceb3f5c27 php: drop apt_preferences(5) file for sury (changelog)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2671|3|2668|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/449//ansiblelint">Evolix » ansible-roles » unstable #449</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-17 16:51:14 +01:00
David Prevot 422f007e9d php: drop apt_preferences(5) file for sury
It doesn’t work as expected, and all covered cases should already be
available from http://pub.evolix.org/evolix/dists/ (if
$release_name-phpXY is not available, $release should probably be fixed
or the correct suite added to the repository).
2024-01-17 16:49:11 +01:00
Brice Waegeneire 72727a8332 nagios-nrpe: check_phpfpm_multi expand globing of args
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2674|8|2666|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/448//ansiblelint">Evolix » ansible-roles » unstable #448</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-12 13:38:17 +01:00
Jérémy Lecour f3eb7a4981
listupgrade : old-kernel-removal.sh upstream release 24.01
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2673|6|2667|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/447//ansiblelint">Evolix » ansible-roles » unstable #447</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-12 11:39:01 +01:00
Jérémy Lecour bca5b9f28c
fail2ban: fix template marker 2024-01-11 17:46:49 +01:00
Jérémy Lecour c9df19e146
warning comment 2024-01-11 17:45:55 +01:00
Jérémy Lecour bf07ef74c3
nginx: take care of « already defined » and « not yet defined » server status suffix in check mode
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2674|15|2659|9|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/446//ansiblelint">Evolix » ansible-roles » unstable #446</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-11 16:51:20 +01:00
William Hirigoyen f5d5e84caf dovecot: fix plugin dovecot1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2668|4|2664|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/445//ansiblelint">Evolix » ansible-roles » unstable #445</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-09 17:13:22 +01:00
David Prevot e089796c4c evocheck: upstream release 24.01
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2669|5|2664|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/444//ansiblelint">Evolix » ansible-roles » unstable #444</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-03 17:47:09 +01:00
William Hirigoyen 0a590b6679 nginx: fix multiple fails in check mode
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|11|2659|11|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/443//ansiblelint">Evolix » ansible-roles » unstable #443</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2024-01-03 11:29:20 +01:00
William Hirigoyen 41897f4c62 bind: improve reload script
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|2|2668|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/442//ansiblelint">Evolix » ansible-roles » unstable #442</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-29 12:12:39 +01:00
David Prevot 1ac497282c evoadmin-mail: use fixed version for Ansible
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|6|2664|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/441//ansiblelint">Evolix » ansible-roles » unstable #441</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-22 15:44:40 +01:00
William Hirigoyen 9fb635b45f webapps/evoadmin-mail: package installed via public.evolix.org/evolix repo starting with Bookworm
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|6|2664|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/440//ansiblelint">Evolix » ansible-roles » unstable #440</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
(H)acked-By: David Prévot <dprevot+git@evolix.fr>
2023-12-22 15:42:30 +01:00
Mathieu Trossevin c2de4b4cd1
kvm-host: Add LVM filter when needed
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2671|8|2663|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/439//ansiblelint">Evolix » ansible-roles » unstable #439</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-22 11:26:08 +01:00
Jérémy Lecour d93eb2495b
sort CHANGELOG
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2668|3|2665|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/438//ansiblelint">Evolix » ansible-roles » unstable #438</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-20 15:28:09 +01:00
Jérémy Lecour 046f1411b3
vrrpd: test if interface exists before deleting it 2023-12-20 15:27:07 +01:00
Ludovic Poujol 4a1b94f55d unbound: Add a apt cache validity to enforce an apt update if needed
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2668|4|2664|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/437//ansiblelint">Evolix » ansible-roles » unstable #437</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-19 17:55:36 +01:00
Tom David--Broglio 1eb5a47c71 nagios: add dockerd check in nrpe check template
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2669|5|2664|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/436//ansiblelint">Evolix » ansible-roles » unstable #436</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 19:17:39 +01:00
Tom David--Broglio d4ac4ef7a1 nagios: cleaning nrpe check template 2023-12-18 19:17:39 +01:00
Alexis Ben Miloud--Josselin 70c2d25837 evolinux-base: Check for syntax error in cron.log
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2668|4|2664|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/435//ansiblelint">Evolix » ansible-roles » unstable #435</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 18:05:36 +01:00
Mathieu Trossevin c0f27426bc
Merge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2669|6|2663|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/434//ansiblelint">Evolix » ansible-roles » unstable #434</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 17:47:47 +01:00
Mathieu Trossevin 62c596046d
Add role for automatically deploying autosysadmin 2023-12-18 17:00:51 +01:00
Jérémy Lecour b4c9fcf6f7
mongodb: add gpg key for 7.0
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|4|2666|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/433//ansiblelint">Evolix » ansible-roles » unstable #433</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 16:36:09 +01:00
William Hirigoyen 9e67db57e5 evolinux-base: fix hardware.yml (wrong repo, missing update cache)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2670|11|2659|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/432//ansiblelint">Evolix » ansible-roles » unstable #432</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-18 11:29:40 +01:00
Mathieu Trossevin 0c09763e87
fix(minifirewall): Properly detect old minifirewall versions
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2667|1|2666|2|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/431//ansiblelint">Evolix » ansible-roles » unstable #431</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-14 16:59:55 +01:00
David Prevot 95610e16be bind: allow bullseye and bookworm
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2667|0|2667|0|:zzz: Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-12 17:11:47 +01:00
David Prevot 5f158e031b spamassin: Use spamd starting with Bookworm 2023-12-12 17:11:47 +01:00
Jérémy Lecour b0992bcaf9
mysql: disable performance schema for Debian 8
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2662|4|2658|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/429//ansiblelint">Evolix » ansible-roles » unstable #429</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-11 18:21:57 +01:00
Jérémy Lecour 26e3dc1be6
apache: use backward compatible Redirect directive 2023-12-11 18:19:38 +01:00
Jérémy Lecour a920d2d402
apt: Disable archive repository for Debian 8
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2663|18|2645|10|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/428//ansiblelint">Evolix » ansible-roles » unstable #428</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-11 15:10:11 +01:00
Jérémy Lecour 6c0ca02391
apt: add task file to install ELTS repository (default: False) 2023-12-11 15:10:10 +01:00
Jérémy Lecour db63902206
apt: use the GPG version of the key for Debian 8-9 2023-12-11 15:10:09 +01:00
Jérémy Lecour ca5d9d5202
mysql: use a boolean for read-only 2023-12-11 15:10:08 +01:00
Jérémy Lecour fb7218972f
squid: config directory seems to have changed from /etc/squid3 to /etc/squid in Debian 8 2023-12-11 15:10:06 +01:00
William Hirigoyen 66b69f1502 remount-usr: do not try to remount /usr RW if /usr is not a mounted partition
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|22|2633|15|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/427//ansiblelint">Evolix » ansible-roles » unstable #427</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-11 10:46:04 +01:00
Jérémy Lecour c90afcb4f4
apt: fix Jessie repository
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2648|6|2642|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/426//ansiblelint">Evolix » ansible-roles » unstable #426</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-09 10:00:30 +01:00
Ludovic Poujol e32e1c5496 Unbound: Big update & enhancements
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|2|2645|12|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/425//ansiblelint">Evolix » ansible-roles » unstable #425</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
* Move configuration generated to /etc/unbound/unbound.conf.d/evolinux.conf so we don't override default config file
* Make use of root hints provided by dns-root-data instead of downloading them
* Add configuration to ensure that configuration reload work out of the box on Debian11 and old
* Add required configuration in Unbound and munin to allow tge plugin to work
* Make ansible-lint a bit more happy
2023-12-08 16:13:41 +01:00
Tom David--Broglio cbc51c462a fix Add Ceph volume to fstab : missing UUID= in src
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2657|5|2652|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/424//ansiblelint">Evolix » ansible-roles » unstable #424</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-07 11:02:04 +01:00
Alexis Ben Miloud--Josselin 4d7de89ad4 webapps/nextcloud: Add condition for config tasks
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2656|9|2647|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/423//ansiblelint">Evolix » ansible-roles » unstable #423</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
And update CHANGELOG
2023-12-07 10:19:42 +01:00
William Hirigoyen c9e8b6c4e1 dovecot: Munin plugin conf path is now /etc/munin/plugin-conf.d/zzz-dovecot (instead of z-evolinux-dovecot)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|5|2650|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/422//ansiblelint">Evolix » ansible-roles » unstable #422</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-07 10:04:11 +01:00
Alexis Ben Miloud--Josselin 31826b9ee5 webapps/nextcloud: Set owner and mode once mounted
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|7|2648|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/421//ansiblelint">Evolix » ansible-roles » unstable #421</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-07 09:42:34 +01:00
Alexis Ben Miloud--Josselin 43aff50891 webapps/nextcloud: Ajouter volume dans fstab 2023-12-07 09:34:04 +01:00
David Prevot de949fd348 Fix timesyncd template
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|6|2647|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/420//ansiblelint">Evolix » ansible-roles » unstable #420</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-05 11:15:36 +01:00
Tom David--Broglio 57ce920d7f scripts munin pour les stats sur les pools
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|3|2650|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/419//ansiblelint">Evolix » ansible-roles » unstable #419</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-04 18:46:48 +01:00
Jérémy Lecour ae79f33e3a
fix: search/replace error
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|5|2650|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/418//ansiblelint">Evolix » ansible-roles » unstable #418</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-12-04 11:38:09 +01:00
William Hirigoyen c861fe1974 etc-git: add /var/chroot-bind/etc/bind to Git safe directories to avoid owner check by Git (bind owns the repo, not root)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2655|8|2647|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/417//ansiblelint">Evolix » ansible-roles » unstable #417</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 17:41:25 +01:00
William Hirigoyen 9867dcb319 Retrait debug
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2651|6|2645|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/416//ansiblelint">Evolix » ansible-roles » unstable #416</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 17:25:14 +01:00
David Prevot 066a66eb4b [minor] drop extra line
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|5|2648|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/415//ansiblelint">Evolix » ansible-roles » unstable #415</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 16:45:08 +01:00
David Prevot b8732dffaf Changelog for previous changes
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2654|5|2649|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/414//ansiblelint">Evolix » ansible-roles » unstable #414</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 15:58:31 +01:00
David Prevot 4d9e1af40f evolinux-base: Don’t try to install unavailable linux-image-cloud-amd64 before Buster
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|5|2648|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/413//ansiblelint">Evolix » ansible-roles » unstable #413</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 15:45:48 +01:00
David Prevot 59afbb2e9a apt: Stretch has been archived
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2654|3|2651|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/412//ansiblelint">Evolix » ansible-roles » unstable #412</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-30 15:35:57 +01:00
Mathieu Trossevin 0ca31b91fe
fix(certbot): Fix hook for dovecot (too strict)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2654|8|2646|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/411//ansiblelint">Evolix » ansible-roles » unstable #411</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
When we use a separate certificate for POP3 and IMAP there might be
blank characters (almost certainly spaces but might as well be more lax)
before `ssl_cert` which resulted in these lines not being detected and
the hook not being played, forcing manual intervention.

This commit fixes that problem by accepting blank characters before
ssl_certs. (`\b` might be even better...)
2023-11-30 10:11:05 +01:00
William Hirigoyen fba894cad9 etc-git: create /var/chroot-bind/etc/bind GIT repo also in jessie
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2654|8|2646|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/410//ansiblelint">Evolix » ansible-roles » unstable #410</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-29 10:49:07 +01:00
William Hirigoyen 1a74bef0bc check stat.exists before stat.isdir
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2653|7|2646|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/409//ansiblelint">Evolix » ansible-roles » unstable #409</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-29 10:13:43 +01:00
William Hirigoyen 83e61b25a5 etc-git: add /var/chroot-bind/etc/bind repo 2023-11-29 09:59:57 +01:00
Jérémy Lecour 06c47493e9
sort changelog
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2650|9|2641|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/408//ansiblelint">Evolix » ansible-roles » unstable #408</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-29 09:24:28 +01:00
Jérémy Lecour 81d97bb3fb
vrrpd: variable to force update the switch script (default: false) 2023-11-29 09:24:00 +01:00
Jérémy Lecour 9e3e20e3a8
evolinux-base: move htop/top config to different task file 2023-11-29 09:23:27 +01:00
Jérémy Lecour f9125b8f3f
whitespace 2023-11-29 09:23:26 +01:00
David Prevot e5f5425f6d lxc-php: Allow one to install php83 on Bookworm container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|9|2638|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/407//ansiblelint">Evolix » ansible-roles » unstable #407</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-28 17:15:44 +01:00
David Prevot 69bc93ff6e lxc: Init /etc git repository in lxc container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2643|6|2637|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/406//ansiblelint">Evolix » ansible-roles » unstable #406</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Note: ugly loop, but “it works”…
2023-11-24 11:54:13 +01:00
David Prevot 8f1fa57c37 evocheck: report “IS_ETCGIT_LXC, IS_GITPERMS_LXC: fix path”
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2641|3|2638|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/405//ansiblelint">Evolix » ansible-roles » unstable #405</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-23 15:01:58 +01:00
David Prevot cb03831ae8 lxc-php: Fix lxc_php_container_name
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2642|5|2637|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/404//ansiblelint">Evolix » ansible-roles » unstable #404</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-23 13:40:03 +01:00
Alexis Ben Miloud--Josselin 892067cf2b kvmstats: use .capacity instead of .physical for disk size
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2640|4|2636|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/403//ansiblelint">Evolix » ansible-roles » unstable #403</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-23 12:26:20 +01:00
David Prevot c93748487b evocheck: upstream release 23.11.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2641|6|2635|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/402//ansiblelint">Evolix » ansible-roles » unstable #402</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-22 17:27:39 +01:00
David Prevot 2c86660e52 evocheck: upstream release 23.11
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2641|2|2639|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/401//ansiblelint">Evolix » ansible-roles » unstable #401</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-22 17:06:39 +01:00
David Prevot 95aeb9a68e Fix bind changelog entry
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2641|5|2636|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/400//ansiblelint">Evolix » ansible-roles » unstable #400</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-22 16:13:37 +01:00
Brice Waegeneire 239065bf36 kvm-host: Fix regression on old Debian
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2640|6|2634|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/399//ansiblelint">Evolix » ansible-roles » unstable #399</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-21 16:17:48 +01:00
Brice Waegeneire 736ed26036 lxc-php: Add variable 'lxc_php_container_name' 2023-11-21 16:13:07 +01:00
David Prevot 96d15eb5aa Changelog entry for bind changes
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2640|9|2631|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/398//ansiblelint">Evolix » ansible-roles » unstable #398</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-21 11:35:42 +01:00
David Prevot 33d22b2614 bind: Bind mount for Bookworm 2023-11-21 11:21:31 +01:00
David Prevot 3bd87906ce bind: Adapt chroot-bind for Bookworm 2023-11-21 09:04:57 +01:00
David Prevot 9cedf84dae bind: Group accessibility for /var/chroot-bind 2023-11-21 09:04:57 +01:00
David Prevot 7ad55027da bind: Adapt apparmor rules as in https://wiki.debian.org/Bind9 2023-11-21 09:04:57 +01:00
David Prevot c71521acc3 bind: Adapt chroot-bind for Buster 2023-11-21 09:04:57 +01:00
David Prevot 8993242b2c bind: /etc/default/bind9 has been renamed as /etc/default/named
Since Bullseye (Debian 11)
2023-11-21 09:04:57 +01:00
Jérémy Lecour 4cba25d8fc
evolinux-base: no need to remove update-evobackup-canary from sbin anymore
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2637|4|2633|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/397//ansiblelint">Evolix » ansible-roles » unstable #397</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-20 19:15:39 +01:00
Jérémy Lecour f01e7453fb
no need to symlink backup-server-state to dump-server-state anymore
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2638|7|2631|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/396//ansiblelint">Evolix » ansible-roles » unstable #396</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-20 19:13:51 +01:00
Jérémy Lecour 71ed4c4c8c
shell syntax
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2639|10|2629|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/395//ansiblelint">Evolix » ansible-roles » unstable #395</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-20 19:03:50 +01:00
Jérémy Lecour 00fad357b5
use ternary condition (more readable) 2023-11-20 19:03:39 +01:00
Jérémy Lecour 83c178f244
log2mail: move custom config in separate file 2023-11-20 19:02:48 +01:00
Jérémy Lecour 642fbb1ea4
evolinux-base: dump-server-state upstream release 23.11 2023-11-20 19:02:03 +01:00
William Hirigoyen a5e4359d0e #73871 ssl: no not execute haproxy tasks and reload if haproxy is disabled
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2636|7|2629|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/394//ansiblelint">Evolix » ansible-roles » unstable #394</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-17 15:51:33 +01:00
Gregory Colpart 0578d5a3ec apache : rename MaxRequestsPerChild to MaxConnectionsPerChild (new name)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2635|8|2627|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/393//ansiblelint">Evolix » ansible-roles » unstable #393</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-16 14:45:07 +01:00
Gregory Colpart ac72c7ac31 apache: fix MaxRequestsPerChild value to be sync with wiki.e.o 2023-11-16 14:44:08 +01:00
Gregory Colpart b1a67d1a5c apache : fix goaway pattern for bad bots
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2635|2|2633|3|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/392//ansiblelint">Evolix » ansible-roles » unstable #392</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-16 14:35:48 +01:00
William Hirigoyen 1394052fd6 ProFTPd: set missing default listen IP for SFTP, enable ed25525549 key only for Debian >= 11
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2636|7|2629|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/391//ansiblelint">Evolix » ansible-roles » unstable #391</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-15 10:53:22 +01:00
William Hirigoyen 4a6e6e6ba2 ProFTPd: in SFTP vhost, enable SSH keys login, enable ed25549 host key
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2636|7|2629|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/390//ansiblelint">Evolix » ansible-roles » unstable #390</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-15 09:43:10 +01:00
Ludovic Poujol b77845cc8c php: Bullseye/Sury > Honor the php_version asked in the pub.evolix.org repository
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2634|7|2627|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/389//ansiblelint">Evolix » ansible-roles » unstable #389</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-13 16:17:22 +01:00
Jérémy Lecour c97e94bfe7
use ternary syntax for readability (subjective)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|4|2629|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/388//ansiblelint">Evolix » ansible-roles » unstable #388</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-10 17:17:39 +01:00
Tom David--Broglio 6ae9e04f27 webapps/nextcloud: fix misplaced gid attr and added check for nexctcloud uid
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|4|2629|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/387//ansiblelint">Evolix » ansible-roles » unstable #387</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-09 16:48:17 +01:00
Tom David--Broglio aab3381887 webapps/nextcloud: fix missing gid
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2632|5|2627|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/386//ansiblelint">Evolix » ansible-roles » unstable #386</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-09 15:59:45 +01:00
Tom David--Broglio 009de62e28 webapps/nextcloud Added var nextcloud_user_uid to enforce uid for nextcloud user
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|6|2627|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/385//ansiblelint">Evolix » ansible-roles » unstable #385</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-09 15:19:15 +01:00
William Hirigoyen 41ec5b737b nagios: rename var into and check systemd-timesyncd instead of ntpd in Debian 12
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2635|12|2623|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/384//ansiblelint">Evolix » ansible-roles » unstable #384</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-07 17:46:29 +01:00
William Hirigoyen c9c8ade55d nagios: fix default file to monitor for check_clamav_db
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2630|8|2622|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/383//ansiblelint">Evolix » ansible-roles » unstable #383</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-03 18:03:35 +01:00
William Hirigoyen bc284f8248 add-vm.sh: allow VM name max length > 20
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|6|2622|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/382//ansiblelint">Evolix » ansible-roles » unstable #382</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-11-03 10:48:28 +01:00
Brice Waegeneire 74a6b2ead1 nagios-nrpe: add check_sentinel
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2627|5|2622|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/381//ansiblelint">Evolix » ansible-roles » unstable #381</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-27 15:02:28 +02:00
David Prevot 331f4e8875 Revert "php83: preliminary work"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|4|2624|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/380//ansiblelint">Evolix » ansible-roles » unstable #380</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit 1259b88588.
2023-10-27 14:33:12 +02:00
David Prevot 953ca015c5 Changelog entries for latest changes
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2630|7|2623|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/379//ansiblelint">Evolix » ansible-roles » unstable #379</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-26 16:09:42 +02:00
David Prevot 45436d77b1 evocheck: upstream release 23.10 2023-10-26 16:03:45 +02:00
David Prevot 1259b88588 php83: preliminary work 2023-10-26 15:13:06 +02:00
David Prevot b05fa5a779 Add php-fpm82 to LDAP when relevant 2023-10-26 15:12:44 +02:00
David Prevot 03c09dc092 evoadmin-web: Fix PHP version for Bookworm
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|3|2625|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/378//ansiblelint">Evolix » ansible-roles » unstable #378</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-23 18:16:48 +02:00
Jérémy Lecour ab30ea4cde
nginx: keep indentation
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2629|10|2619|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/377//ansiblelint">Evolix » ansible-roles » unstable #377</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-18 22:12:40 +02:00
Brice Waegeneire 679e170dce evolinux-base: use separate default config file for rsyslog
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|6|2619|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/376//ansiblelint">Evolix » ansible-roles » unstable #376</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-18 15:10:35 +02:00
Jérémy Lecour 198f3fab0a
Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2627|0|2627|0|:zzz: Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
2023-10-14 07:38:22 +02:00
Jérémy Lecour 3b3b130248
Release 23.10
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|6|2620|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/375//ansiblelint">Evolix » ansible-roles » unstable #375</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-14 07:37:18 +02:00
Jérémy Lecour 31990cfe80
Linting CHANGELOG 2023-10-14 07:36:29 +02:00
Jérémy Lecour 3e55768c49
evolinux-base: replace value if present
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|7|2619|15|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/374//ansiblelint">Evolix » ansible-roles » unstable #374</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-14 07:25:07 +02:00
Jérémy Lecour 86e753b7a0
timesyncd: rename variable ntp_servers to timesyncd_ntp_servers and check for minimum number of elements 2023-10-14 07:07:57 +02:00
Jérémy Lecour 9c56cff642
conventions 2023-10-14 07:05:55 +02:00
Jérémy Lecour 243c64f555
timesyncd: compact tasks 2023-10-14 06:59:57 +02:00
Alexis Ben Miloud--Josselin bbf6ce6f6e rbenv: Installer libyaml-dev
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2634|7|2627|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/373//ansiblelint">Evolix » ansible-roles » unstable #373</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Le paquet est nécessaire en Debian 12.
2023-10-12 17:49:00 +02:00
Alexis Ben Miloud--Josselin dbd1103078 docker-host: Retirer directive state en trop
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|3|2630|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/372//ansiblelint">Evolix » ansible-roles » unstable #372</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-11 18:06:13 +02:00
Alexis Ben Miloud--Josselin bc3656dd4c evolinux-base: retirer tâche traitée
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2635|10|2625|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/371//ansiblelint">Evolix » ansible-roles » unstable #371</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-11 12:07:05 +02:00
Alexis Ben Miloud--Josselin a80076a5ea evolinux-base: Corriger autorisation pour evolinux_user
Cas configuration SSH séparée. Ticket #74636.
2023-10-11 10:02:34 +02:00
Jérémy Lecour 3347ac4271
evomaintenance: upstream release 23.10.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2631|4|2627|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/370//ansiblelint">Evolix » ansible-roles » unstable #370</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-09 18:13:48 +02:00
Alexis Ben Miloud--Josselin 0c9b55e5e1 evolix-base/root: fix module used
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2630|3|2627|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/369//ansiblelint">Evolix » ansible-roles » unstable #369</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-09 17:12:15 +02:00
Jérémy Lecour c673ed10c6
evomaintenance: upstream release 23.10
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2631|3|2628|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/368//ansiblelint">Evolix » ansible-roles » unstable #368</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-09 16:24:47 +02:00
Jérémy Lecour 0f15484ada
kvm-tools: migrate-vm: remove transient/persistent options + allow migration of stopped VM
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2632|5|2627|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/367//ansiblelint">Evolix » ansible-roles » unstable #367</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-06 15:25:29 +02:00
Jérémy Lecour d6a777be72
kvm-host: migrate-vm: set migration speed even on bridges
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2632|5|2627|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/366//ansiblelint">Evolix » ansible-roles » unstable #366</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-05 22:05:17 +02:00
Jérémy Lecour 31456aa126
kvm-host: migrate-vm: set drbd role after define/undefine 2023-10-05 18:06:30 +02:00
Jérémy Lecour 9cd0426d2b
nagios-nrpe: sync Redis check from redis roles
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2632|6|2626|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/365//ansiblelint">Evolix » ansible-roles » unstable #365</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-10-03 13:34:53 +02:00
David Prevot fef86b0a3f apt: Add Signed-by on Bookworm updates
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2631|4|2627|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/364//ansiblelint">Evolix » ansible-roles » unstable #364</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
The generic keyring is used instead of the specific ones for system and
security because /usr/share/keyrings/debian-archive-bookworm-* are not
present (yet) on major upgrades. It’s not ideal, and should be replaced
afterwards.

https://wiki.evolix.org/HowtoDebian/SourcesList#bookworm-12
2023-09-29 16:09:14 +02:00
David Prevot f2c37dddff Use timesyncd instead of ntpd starting with Debian 12 (not always)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2631|7|2624|9|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/363//ansiblelint">Evolix » ansible-roles » unstable #363</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-28 17:25:18 +02:00
David Prevot 35e7f22210 deb822-migration: Don’t keep evolix_public_old.sources on upgrade
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2633|25|2608|16|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/362//ansiblelint">Evolix » ansible-roles » unstable #362</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-28 15:59:16 +02:00
David Prevot b722ca822f evolinux-base: remount /usr rw before writting on it 2023-09-28 15:27:20 +02:00
David Prevot a2306e6a15 Changelog for previous commit 2023-09-28 15:27:19 +02:00
David Prevot ca67feb39e New timesyncd role used instead of ntpd by default 2023-09-28 15:27:19 +02:00
David Prevot aa13171f91 Changelog for previous commit
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2624|4|2620|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/361//ansiblelint">Evolix » ansible-roles » unstable #361</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-26 18:00:59 +02:00
David Prevot ec4c9108e7 Allow Java 17 2023-09-26 18:00:57 +02:00
David Prevot c03dd0ca2f Changelog for previous commit 2023-09-26 18:00:48 +02:00
David Prevot d69259f2ca LXC: Drop openssh-server from just installed container 2023-09-26 18:00:42 +02:00
Ludovic Poujol a65230b5e0 mysql: new munin graph to follow binlog_days over time
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|7|2618|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/360//ansiblelint">Evolix » ansible-roles » unstable #360</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-26 17:35:14 +02:00
Bruno TATU ee6bd8cec4 keep rights from current log
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|5|2618|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/359//ansiblelint">Evolix » ansible-roles » unstable #359</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-26 11:42:21 +02:00
Brice Waegeneire e4a70b3c0c Revert "Add pki role."
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|3|2620|26|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/358//ansiblelint">Evolix » ansible-roles » unstable #358</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit ac70793ad6.

Implementation too inflexible. Try again!
2023-09-21 16:56:39 +02:00
Brice Waegeneire 4c91f424c6 Revert "pki: fix conventions and idioms"
This reverts commit dfe2448e86.

Implementation too inflexible. Try again!
2023-09-21 16:56:01 +02:00
Jérémy Lecour dfe2448e86
pki: fix conventions and idioms
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|6|2640|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/357//ansiblelint">Evolix » ansible-roles » unstable #357</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-21 16:05:08 +02:00
Jérémy Lecour b5550d2ce2
lxc-php: fix APT keyring path inside containers 2023-09-21 15:47:23 +02:00
Jérémy Lecour cc9d0c59d3
CHANGELOG cleanup
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|5|2641|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/356//ansiblelint">Evolix » ansible-roles » unstable #356</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-20 14:33:45 +02:00
William Hirigoyen 6cd4048a0c bind: add todo to reload-zone script
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|5|2642|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/354//ansiblelint">Evolix » ansible-roles » unstable #354</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-20 14:28:54 +02:00
Jérémy Lecour 1dbe51fc65
Revert "add new version of evocheck.sh"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|5|2641|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/353//ansiblelint">Evolix » ansible-roles » unstable #353</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit 4ca17f06c1.
2023-09-20 13:32:38 +02:00
Jérémy Lecour 050b2ae419
kvm-host: migrate-vm sets the migration speed automatically
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|5|2642|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/352//ansiblelint">Evolix » ansible-roles » unstable #352</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-20 13:08:42 +02:00
Bruno TATU 45fc4b3371 whitelist domains used by nextcloud
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|4|2643|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/351//ansiblelint">Evolix » ansible-roles » unstable #351</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-20 09:47:22 +02:00
William Hirigoyen 1848a6162a nagios-nrpe: check-local can now detect anwqd connect to local IPs other than 127.0.0.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|4|2642|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/350//ansiblelint">Evolix » ansible-roles » unstable #350</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-18 10:53:24 +02:00
Iliane Said 4ca17f06c1 add new version of evocheck.sh
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2646|5|2641|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/349//ansiblelint">Evolix » ansible-roles » unstable #349</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-18 10:07:36 +02:00
William Hirigoyen 2c98717ebc nagios-nrpe: check-local now supports /etc/nagios/{nrpe.cfg,nrpe_local.cfg} + better completion
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2648|7|2641|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/348//ansiblelint">Evolix » ansible-roles » unstable #348</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-15 16:36:57 +02:00
William Hirigoyen f8b9361afd lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|6|2641|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/347//ansiblelint">Evolix » ansible-roles » unstable #347</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-15 15:27:37 +02:00
William Hirigoyen d7d8ee63b2 Revert "lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)"
This reverts commit 92788a8b93.
2023-09-15 15:20:45 +02:00
William Hirigoyen 92788a8b93 lxc-php: Fix /etc/profile.d/evolinux.sh mode in containers (defauft umask -> 644)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2647|4|2643|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/346//ansiblelint">Evolix » ansible-roles » unstable #346</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-14 17:11:46 +02:00
Brice Waegeneire 689ed21b38 evolinux-base: Add missing journald.conf
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2648|30|2618|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/345//ansiblelint">Evolix » ansible-roles » unstable #345</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-13 11:36:02 +02:00
Brice Waegeneire 682fac14b2 nagios-nrpe: Make check_process configurable 2023-09-13 11:35:37 +02:00
Brice Waegeneire ac70793ad6 Add pki role. 2023-09-13 11:35:37 +02:00
Jérémy Lecour b57a5c3b3c
evolinux-base: default value for evolinux_kernel_cloud_reboot (true)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|15|2610|13|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/344//ansiblelint">Evolix » ansible-roles » unstable #344</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-13 09:42:30 +02:00
Jérémy Lecour 53a0e56472
metricbeat/logstash: fix Ansible syntax 2023-09-13 09:38:44 +02:00
Jérémy Lecour 41004e20b4
kvm-host: migrate-vm exits if DRBD is not up-to-date
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|2|2621|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/343//ansiblelint">Evolix » ansible-roles » unstable #343</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-12 11:38:54 +02:00
William Hirigoyen 2af2e5ee78 nagios-nrpe: set default check_load --per-cpu for BSD
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|6|2617|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/342//ansiblelint">Evolix » ansible-roles » unstable #342</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-11 09:25:21 +02:00
William Hirigoyen 2a7d2d9c58 postfix: disable IPv6
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|2|2620|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/341//ansiblelint">Evolix » ansible-roles » unstable #341</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-05 15:44:37 +02:00
Mathieu Trossevin 4ee7c89410
fix(nagios-nrpe): Add missing dependency for new gluster.rb plugin
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|3|2619|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/340//ansiblelint">Evolix » ansible-roles » unstable #340</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-05 15:22:49 +02:00
Mathieu Trossevin cfca604670
nagios-nrpe: Add proper plugin to monitor glusterfs health
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|1|2621|3|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/339//ansiblelint">Evolix » ansible-roles » unstable #339</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-09-05 15:21:08 +02:00
William Hirigoyen 7ad296e74f Revert "postfix: Move common packages installation in common.yml"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2624|23|2601|18|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/338//ansiblelint">Evolix » ansible-roles » unstable #338</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
This reverts commit ec4fd5d27f.
2023-08-31 17:48:00 +02:00
William Hirigoyen 1b6700925c Revert "postfix: Replace ansible_fqdn by evolinux_fqdn, set postfix_slow_transport_include to false by default (only for packmails and packwebs)"
This reverts commit bfe3bd7ef4.
2023-08-31 17:47:58 +02:00
William Hirigoyen 5b63ba112c Revert "evolinux-base: include postfix role, move exim4 purge from evolinux-base to postfix role"
This reverts commit a440110cad.
2023-08-31 17:47:49 +02:00
Gregory Colpart e289fd7119 j'ai refait le script par rapport aux autres modèles
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2619|4|2615|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/337//ansiblelint">Evolix » ansible-roles » unstable #337</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-31 17:39:28 +02:00
William Hirigoyen a440110cad evolinux-base: include postfix role, move exim4 purge from evolinux-base to postfix role
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2620|19|2601|21|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/336//ansiblelint">Evolix » ansible-roles » unstable #336</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-31 17:30:34 +02:00
William Hirigoyen bfe3bd7ef4 postfix: Replace ansible_fqdn by evolinux_fqdn, set postfix_slow_transport_include to false by default (only for packmails and packwebs) 2023-08-31 17:30:34 +02:00
William Hirigoyen ec4fd5d27f postfix: Move common packages installation in common.yml 2023-08-31 17:30:34 +02:00
Alexis Ben Miloud--Josselin 73c0a0d29a evolinux-base: include files under sshd_config.d
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|10|2612|10|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/335//ansiblelint">Evolix » ansible-roles » unstable #335</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
In case we need to add the Include directive, we add it at the
beginning of the global configuration file. This way the Include
directive can't be inside a Match directive.
2023-08-31 17:09:43 +02:00
Gregory Colpart 354c11fc25 ajout hook certbot pour ProFTPD
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|3|2619|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/334//ansiblelint">Evolix » ansible-roles » unstable #334</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-31 14:45:21 +02:00
Jérémy Lecour 8ca7cc4692
kvm-host: release 23.08 for migrate-vm.sh
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2623|4|2619|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/333//ansiblelint">Evolix » ansible-roles » unstable #333</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-31 11:26:21 +02:00
Jérémy Lecour e2dea8054f
kvm-host: add batch-mode and ignore stdin for SSH command in migrate-vm.sh 2023-08-31 11:26:20 +02:00
Eric Morino df202197c7 Change lxc container in bookworm for php82
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|5|2617|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/332//ansiblelint">Evolix » ansible-roles » unstable #332</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-29 15:28:09 +02:00
Eric Morino 6e5ba9bd9a Merge branch 'lxc-php82' into unstable
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2622|9|2613|11|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/331//ansiblelint">Evolix » ansible-roles » unstable #331</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-29 15:26:40 +02:00
Eric Morino 090495e920 Fix rôle lxc-php for php82 in bookworm container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|6|2620|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/lxc-php82/1//ansiblelint">Evolix » ansible-roles » lxc-php82 #1</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-29 15:07:35 +02:00
Ludovic Poujol 594146bdac kibana: include tasks instead of import
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2624|3|2621|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/330//ansiblelint">Evolix » ansible-roles » unstable #330</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-29 12:06:21 +02:00
Ludovic Poujol e71cffd8fd php: add new variable to disable oveeriding settings of php-fpm default pool (www)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2624|6|2618|10|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/329//ansiblelint">Evolix » ansible-roles » unstable #329</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-28 17:08:33 +02:00
Eric Morino 8c72a7de8e New container lcx php82 in bookworm
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|0|2626|0|:zzz: Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-24 15:23:32 +02:00
Alexis Ben Miloud--Josselin b8b48bbcb9 evocheck: Fix IS_SSHALLOWUSERS condition
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|4|2624|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/328//ansiblelint">Evolix » ansible-roles » unstable #328</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-23 16:18:35 +02:00
Brice Waegeneire 53aab6f405 evolinux-base: Add comments structure in logs
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2628|11|2617|10|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/327//ansiblelint">Evolix » ansible-roles » unstable #327</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-23 15:48:45 +02:00
Brice Waegeneire fe369257ed evolinux-base: Limit journald to 1 day 2023-08-23 15:48:42 +02:00
Brice Waegeneire 0e1fe0e81f evolinux-base: Disable logcheck monitoring of journald 2023-08-23 15:05:10 +02:00
Ludovic Poujol 5cc7c13104 evolinux-base/tasks/kernel.yml > fix typo, 'is changed' vs '| changed'
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2627|4|2623|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/326//ansiblelint">Evolix » ansible-roles » unstable #326</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-22 12:28:57 +02:00
Jérémy Lecour bb41d313a9
apt: Explicit "signed-by" directives for official sources
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|5|2620|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/325//ansiblelint">Evolix » ansible-roles » unstable #325</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-18 16:28:03 +02:00
Brice Waegeneire a56682a7ca kvm-host: Add support for kvm solo
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|4|2621|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/324//ansiblelint">Evolix » ansible-roles » unstable #324</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-18 15:17:13 +02:00
Jérémy Lecour feba74c469
evolinux-base: reboot the server if the Cloud kernel has been installed
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|10|2616|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/323//ansiblelint">Evolix » ansible-roles » unstable #323</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-18 12:10:01 +02:00
Jérémy Lecour 67c6167474
apt: Disable NonFreeFirmware warning for VM on Debian 12+ 2023-08-18 12:10:00 +02:00
Alexis Ben Miloud--Josselin 536d051890 Fix mode for files under /etc/ssh/sshd_config.d
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2621|5|2616|10|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/322//ansiblelint">Evolix » ansible-roles » unstable #322</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 18:21:06 +02:00
Alexis Ben Miloud--Josselin 36cd982f35 Merge branch 'ssh-split' into unstable
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|29|2597|15|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/321//ansiblelint">Evolix » ansible-roles » unstable #321</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 16:15:00 +02:00
Alexis Ben Miloud--Josselin 263f940c3d Update Changelog
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2627|8|2619|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/ssh-split/9//ansiblelint">Evolix » ansible-roles » ssh-split #9</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 16:14:42 +02:00
Alexis Ben Miloud--Josselin a478348716 Fix grep under /etc/ssh
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2625|5|2620|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/ssh-split/8//ansiblelint">Evolix » ansible-roles » ssh-split #8</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 16:05:37 +02:00
Alexis Ben Miloud--Josselin f7f578705c Fix config file path
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2626|4|2622|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/ssh-split/7//ansiblelint">Evolix » ansible-roles » ssh-split #7</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 4a0d3a4965 Fix permitrootlogin condition 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin fbb0b73e3a Add permitrootlogin at beginning of file 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 7e15e01b14 Fix task name 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 86978a8225 evolinux-users: Fix "disable root login" task 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 0098cd2f08 evolinux-users: Fix "validate" syntax 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin e70ab6d039 evolinux-users: Fix tests order 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin fc8105e84e evolinux-users: prepare SSH configuration for Debian 12 (wip) 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 87711ef00c evolinux-base: PermitRootLogin depends on evolinux_root_disable_ssh 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin fc241f2835 evolinux-base: Add SSH configuration template 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin eca2b5e4bf fqcn 2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin ec34d8afe1 Move PermitRootLogin to another file
Debian >= 12.
2023-08-16 15:25:07 +02:00
Alexis Ben Miloud--Josselin 5265119912 evocheck/ssh: add Debian 12 condition 2023-08-16 15:25:07 +02:00
Eric Morino b92871bfef Add variable ansible_distribution_release on preference file for fix version of postgresql
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|5|2607|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/320//ansiblelint">Evolix » ansible-roles » unstable #320</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-14 09:29:12 +02:00
William Hirigoyen 81849c6537 userlogrotate: new version, with separate conf file
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|5|2608|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/319//ansiblelint">Evolix » ansible-roles » unstable #319</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-11 10:51:45 +02:00
Ludovic Poujol 204b8af59b php: Add missing gpg key for pub.evolix.org (and remove reg.asc)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|2|2610|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/318//ansiblelint">Evolix » ansible-roles » unstable #318</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Completes commit cc3fb051b0
2023-08-09 17:08:03 +02:00
William Hirigoyen a867da5ca9 nagios-nrpe: fix missing quote in check-local completion
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|4|2608|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/317//ansiblelint">Evolix » ansible-roles » unstable #317</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-08 16:53:47 +02:00
Ludovic Poujol f0abb53750 evolinux-base: New variable "evolinux_system_include_ntpd" to chose wether or not to include ntpd role
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|13|2600|13|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/316//ansiblelint">Evolix » ansible-roles » unstable #316</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-04 11:47:42 +02:00
Eric Morino 87d09275a0 postgresql: fix file postgresql.pref.j2 for exclude package
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|4|2609|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/315//ansiblelint">Evolix » ansible-roles » unstable #315</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-04 10:18:08 +02:00
Eric Morino eca010d959 postgresql: fix task "update apt cache" for PGDG repo
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|6|2607|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/314//ansiblelint">Evolix » ansible-roles » unstable #314</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-04 09:56:44 +02:00
Jérémy Lecour 3ce412341f
dump-server-state: upstream release 23.08
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|4|2608|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/313//ansiblelint">Evolix » ansible-roles » unstable #313</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-08-01 23:00:11 +02:00
David Prevot 05715d92f3 Fix template has no state
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|8|2605|9|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/312//ansiblelint">Evolix » ansible-roles » unstable #312</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-31 18:33:30 +02:00
David Prevot bc714c5ac8 Prepare lxc-php82 on Bookworm (not yet by default) 2023-07-31 18:33:30 +02:00
Ludovic Poujol 16bba8b469 fail2ban: add variable fail2ban_sshd_port to configure sshd port
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2614|6|2608|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/311//ansiblelint">Evolix » ansible-roles » unstable #311</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-31 11:50:36 +02:00
William Hirigoyen 7e193e4916 nagios-nrpe: improve check-local completion
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2611|3|2608|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/310//ansiblelint">Evolix » ansible-roles » unstable #310</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-28 12:01:13 +02:00
William Hirigoyen e6ef4396f3 postfix: minor modifs spamp.sh 2023-07-28 12:00:31 +02:00
David Prevot 8e99b9fcb8 Use our current repository even in comments
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|3|2610|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/309//ansiblelint">Evolix » ansible-roles » unstable #309</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-27 14:50:54 +02:00
David Prevot 043f714722 Clean file committed by mistake 2023-07-27 14:43:08 +02:00
Eric Morino 6f218a7763 Add enabled and started systemd unit for mailgraph
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|3|2609|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/308//ansiblelint">Evolix » ansible-roles » unstable #308</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-26 10:44:26 +02:00
William Hirigoyen 5bd6893dac postfix: split packmail.yml, create packmail-spam.yml to be called separately for update
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2611|15|2596|16|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/307//ansiblelint">Evolix » ansible-roles » unstable #307</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-26 09:37:45 +02:00
William Hirigoyen 3c3db4fefa postfix: new spam.sh update script that avoids reloading if files did not change.
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|5|2607|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/306//ansiblelint">Evolix » ansible-roles » unstable #306</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-25 15:24:00 +02:00
David Prevot 4b4b34e849 Ensure {{ apt_keyring_dir }} directory exists
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2612|29|2583|13|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/305//ansiblelint">Evolix » ansible-roles » unstable #305</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-25 10:59:53 +02:00
David Prevot b64072fbbb Ticket #70508 : ajout check_elasticsearch_shards
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2596|2|2594|3|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/304//ansiblelint">Evolix » ansible-roles » unstable #304</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-25 10:24:41 +02:00
William Hirigoyen c2e27d025c nagios-nrpe: add brackets in check grep
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2597|2|2595|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/303//ansiblelint">Evolix » ansible-roles » unstable #303</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-24 15:35:09 +02:00
William Hirigoyen b6886384b9 redis: replace errorneous ini_file module for Munin config, fix dedicted Munin config filename (z-XXX)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2597|7|2590|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/302//ansiblelint">Evolix » ansible-roles » unstable #302</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-21 16:51:02 +02:00
William Hirigoyen 1a1d4265a7 dovecot: set Munin config in dedicated file
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|6|2592|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/301//ansiblelint">Evolix » ansible-roles » unstable #301</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-21 16:33:15 +02:00
William Hirigoyen ef642e564e bind: Add reload-zone helper
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|2|2596|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/300//ansiblelint">Evolix » ansible-roles » unstable #300</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-21 16:19:26 +02:00
William Hirigoyen 030871ea9b opendkim: update apt cache before install
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2600|5|2595|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/299//ansiblelint">Evolix » ansible-roles » unstable #299</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-20 16:33:15 +02:00
David Prevot 440a54c21c Allow script to work on old and not yet usr-merged systems
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|3|2595|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/298//ansiblelint">Evolix » ansible-roles » unstable #298</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-20 16:17:43 +02:00
William Hirigoyen f2eaac0894 nginx: set default server directive in default vhost
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|5|2593|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/297//ansiblelint">Evolix » ansible-roles » unstable #297</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-17 17:31:21 +02:00
William Hirigoyen 67f0fa5942 evolinux-base: configure bashrc for all users
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|9|2589|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/296//ansiblelint">Evolix » ansible-roles » unstable #296</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-17 17:18:55 +02:00
William Hirigoyen 7133783695 Update CHANGELOG
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2597|4|2593|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/295//ansiblelint">Evolix » ansible-roles » unstable #295</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-17 17:09:38 +02:00
Jérémy Lecour 4476c4b633
etc-git: include → import_tasks
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2595|4|2591|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/294//ansiblelint">Evolix » ansible-roles » unstable #294</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-12 09:40:25 +02:00
Jérémy Lecour 83f7b6cdca
evolinux: Install HPE Agentless Management Service (amsd) 2023-07-12 09:40:24 +02:00
Ludovic Poujol f50848917a fail2ban: Fix cron fail2ban_dbpurge (should be bash instead of sh)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|5|2593|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/293//ansiblelint">Evolix » ansible-roles » unstable #293</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-10 16:41:12 +02:00
David Prevot fa35cb6d8f Use --force-yes for lxc-php so it can run on Jessie
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2596|4|2592|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/292//ansiblelint">Evolix » ansible-roles » unstable #292</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-10 15:27:27 +02:00
William Hirigoyen 016750685f userlogrotate: add a userlogpurge script disabled by default
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2598|9|2589|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/291//ansiblelint">Evolix » ansible-roles » unstable #291</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-07 15:05:41 +02:00
William Hirigoyen da0110b4f3 nagios-nrpe: Cleaning of check_ssl_local (minor)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|6|2588|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/290//ansiblelint">Evolix » ansible-roles » unstable #290</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-07 12:02:02 +02:00
Mathieu Trossevin 831715e44c
fix(nagios-nrpe): Fix check_ssl_local output
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2596|5|2591|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/289//ansiblelint">Evolix » ansible-roles » unstable #289</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
nrpe read output of plugins from stdout only, if there is no output it
return UNKNOWN regardless of return code.
2023-07-07 11:30:22 +02:00
William Hirigoyen 53f82edefb evocheck: upstream release 23.07
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|6|2588|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/288//ansiblelint">Evolix » ansible-roles » unstable #288</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-07 11:18:20 +02:00
William Hirigoyen aa10f719b4 redis: standardize plugins path from /usr/local/share/munin/ to /usr/local/lib/munin/plugins/
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2593|0|2593|1|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/287//ansiblelint">Evolix » ansible-roles » unstable #287</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-06 11:04:53 +02:00
Jérémy Lecour d747ee0f83
minifirewall: add safe-restart and safe-start commands
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|3|2591|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/286//ansiblelint">Evolix » ansible-roles » unstable #286</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-06 08:51:02 +02:00
Jérémy Lecour 0331c23ad6
minifirewall: update nrpe script to check active configuration
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|6|2588|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/285//ansiblelint">Evolix » ansible-roles » unstable #285</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-05 09:54:53 +02:00
Jérémy Lecour e347b6eca8
minifirewall: upstream release 23.07 2023-07-05 09:54:52 +02:00
Bruno TATU fb184a0ecf Set fail2ban_dbpurgeage_default variable for fail2ban
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2594|5|2589|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/284//ansiblelint">Evolix » ansible-roles » unstable #284</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-04 15:36:02 +02:00
Gregory Colpart bb54c9209e add options for Amavis integration in Postfix packmail
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2595|6|2589|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/283//ansiblelint">Evolix » ansible-roles » unstable #283</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-04 09:52:47 +02:00
Gregory Colpart 1ecb463104 change default minimal_backoff_time (Postfix role)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2595|6|2589|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/282//ansiblelint">Evolix » ansible-roles » unstable #282</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-04 09:50:20 +02:00
Tom David--Broglio e4436d9066 docker-host: added var for user namespace setting
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2595|5|2590|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/281//ansiblelint">Evolix » ansible-roles » unstable #281</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-03 18:37:15 +02:00
Jérémy Lecour a6bac1f20b
change syntax "become: [yes,no]" → "become: [true,false]"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2593|3|2590|23|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/280//ansiblelint">Evolix » ansible-roles » unstable #280</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-07-03 14:21:22 +02:00
Bruno TATU 18f160fb83 valeur que l'on propose par défaut
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2613|5|2608|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/279//ansiblelint">Evolix » ansible-roles » unstable #279</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-28 14:55:16 +02:00
Jérémy Lecour 00fe225a3c
force: [yes,no] → force [true,false]
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2615|7|2608|177|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/278//ansiblelint">Evolix » ansible-roles » unstable #278</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-28 13:25:30 +02:00
William Hirigoyen def4d54538 dovecot: fix taks for check mode (minor)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|3|2782|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/277//ansiblelint">Evolix » ansible-roles » unstable #277</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-27 17:09:19 +02:00
David Prevot 9f632100fb Drop useless spaces
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|4|2781|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/276//ansiblelint">Evolix » ansible-roles » unstable #276</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-23 15:12:05 +02:00
William Hirigoyen 42ad894d45 dovecot: new Munin plugins, fix old_stats config
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2787|8|2779|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/275//ansiblelint">Evolix » ansible-roles » unstable #275</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-23 11:26:35 +02:00
William Hirigoyen 64c1da40b0 nagios-nrpe: corrige les cas où un check est défini plusieurs fois ou commenté
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|3|2782|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/274//ansiblelint">Evolix » ansible-roles » unstable #274</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-21 16:14:35 +02:00
Ludovic Poujol aec5406043 varnish: Allow the systemd template to be overriden with a template outside of the role
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2786|4|2782|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/273//ansiblelint">Evolix » ansible-roles » unstable #273</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-19 16:09:40 +02:00
David Prevot 2e73bf09f7 amavis: Workaround https://bugs.debian.org/569150
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2788|6|2782|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/272//ansiblelint">Evolix » ansible-roles » unstable #272</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-15 17:52:41 +02:00
William Hirigoyen 19787152d8 postfix: remove duplicate directive
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2788|8|2780|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/271//ansiblelint">Evolix » ansible-roles » unstable #271</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-15 17:19:17 +02:00
Jérémy Lecour 1c60b02e77
.gitignore .vscode directory
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|4|2781|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/270//ansiblelint">Evolix » ansible-roles » unstable #270</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-15 15:26:07 +02:00
Ludovic Poujol 9a5b5a39a9 policy_pam > Add support for Debian 10/9
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|7|2778|12|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/269//ansiblelint">Evolix » ansible-roles » unstable #269</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-12 11:35:53 +02:00
Eric Morino 1ec212f514 rename handler
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|6|2784|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/268//ansiblelint">Evolix » ansible-roles » unstable #268</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-05 14:28:06 +02:00
Ludovic Poujol 24d7fe5def pam_policy: Default settings : disabled
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|7|2783|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/267//ansiblelint">Evolix » ansible-roles » unstable #267</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-05 11:33:08 +02:00
Ludovic Poujol b234fdaea9 pam_policy : Ensure it's only executed on Debian 11+ systems 2023-06-05 10:33:34 +02:00
Ludovic Poujol 5c095dc862 policy_pam : Enforce password min days to prevent circumvention of pwhistory
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2791|9|2782|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/266//ansiblelint">Evolix » ansible-roles » unstable #266</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-05 10:27:22 +02:00
William Hirigoyen e00af3aafb nagios-nrpe: allow check-local for Debian < 10
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|5|2785|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/265//ansiblelint">Evolix » ansible-roles » unstable #265</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-02 09:47:20 +02:00
Jérémy Lecour 060018be26 vscode: ansible/yaml formatter
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2791|9|2782|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/264//ansiblelint">Evolix » ansible-roles » unstable #264</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-06-01 09:43:43 +02:00
Jérémy Lecour 318991fe42 pbbouncer: minor fixes 2023-06-01 09:43:20 +02:00
Jérémy Lecour 5027151011 elasticsearch: use an Integer
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2789|5|2784|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/263//ansiblelint">Evolix » ansible-roles » unstable #263</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-31 17:25:27 +02:00
Jérémy Lecour 2c079755e9 elasticsearch: comment the Xlog:gc line instead of changing it completely 2023-05-31 17:25:27 +02:00
Eric Morino 9f87049ee4 add variables for admin_users and stats_users to access on the pgbouncer console
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2791|12|2779|11|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/262//ansiblelint">Evolix » ansible-roles » unstable #262</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-31 17:09:42 +02:00
Eric Morino 81e1d1b0c1 Add variable pgbouncer_auth_type and add README
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|4|2786|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/261//ansiblelint">Evolix » ansible-roles » unstable #261</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-31 15:50:20 +02:00
Jérémy Lecour 1ae40e7686 nagios-nrpe: remount /usr **after** installing the packages
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2789|6|2783|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/260//ansiblelint">Evolix » ansible-roles » unstable #260</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-31 11:27:32 +02:00
emorino 6837df5a9e Delete old configuration file
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2787|5|2782|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/259//ansiblelint">Evolix » ansible-roles » unstable #259</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-29 10:53:02 +02:00
emorino 3e00632a41 Add include to /etc/opendkim-evolix.conf on default configuration file, cf. #68552
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2787|8|2779|9|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/258//ansiblelint">Evolix » ansible-roles » unstable #258</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-29 10:51:36 +02:00
William Hirigoyen 9ff615f19a nagios-nrpe: switch to echo (printf problem with % chars)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2788|8|2780|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/256//ansiblelint">Evolix » ansible-roles » unstable #256</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-25 16:15:22 +02:00
William Hirigoyen 5563b4f8f2 nagios-nrpe: improve check-local output and fix completion in Debian 10
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2786|2|2784|1|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/256//ansiblelint">Evolix » ansible-roles » unstable #256</a> Details
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2023-05-25 16:01:04 +02:00
Ludovic Poujol 91bcd2a605 policy_pam: New role allowing to manage password policy with pam_pwquality & pam_pwhistory
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2785|11|2774|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/255//ansiblelint">Evolix » ansible-roles » unstable #255</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-25 11:43:53 +02:00
Jérémy Lecour 8706a35705 mysql: improve shell syntax for mysql_skip script
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2776|4|2772|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/254//ansiblelint">Evolix » ansible-roles » unstable #254</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-22 14:16:50 +02:00
Eric Morino 7b667d1650 Add task for mount nextcloud_data volume
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2777|2|2775|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/253//ansiblelint">Evolix » ansible-roles » unstable #253</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-19 16:21:41 +02:00
William Hirigoyen 5ef4d91f1c mysql: add missing notify to restart MySQL after setting config
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2777|6|2771|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/252//ansiblelint">Evolix » ansible-roles » unstable #252</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-16 18:04:03 +02:00
Jérémy Lecour 7660444c9a fix syntax
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2777|6|2771|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/251//ansiblelint">Evolix » ansible-roles » unstable #251</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-12 18:14:25 +02:00
Jérémy Lecour f79d8456d6 elasticsearch: improve networking configuration 2023-05-12 18:14:19 +02:00
William Hirigoyen 3d8ae87368 nagios-nrpe: add double quotes to input var in check-local
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2778|5|2773|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/250//ansiblelint">Evolix » ansible-roles » unstable #250</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-12 12:38:40 +02:00
William Hirigoyen 6ab34517b6 nagios-nrpe: add a NRPE check-local command with completion
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2781|5|2776|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/249//ansiblelint">Evolix » ansible-roles » unstable #249</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-12 12:35:49 +02:00
David Prevot ad2d96d890 tfix s/import/include/
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2781|7|2774|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/248//ansiblelint">Evolix » ansible-roles » unstable #248</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-11 17:51:55 +02:00
Jérémy Lecour d3345d2866 apt: move stretch backports to archive.d.o
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2778|4|2774|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/247//ansiblelint">Evolix » ansible-roles » unstable #247</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-09 10:48:04 +02:00
William Hirigoyen db0b5ab3db postfix: add missing localhost.$mydomain to mydestination
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2781|5|2776|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/246//ansiblelint">Evolix » ansible-roles » unstable #246</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-05-02 14:21:39 +02:00
William Hirigoyen 9821fc8f78 userlogrotate: rotate also php.log
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2780|4|2776|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/245//ansiblelint">Evolix » ansible-roles » unstable #245</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-27 10:52:32 +02:00
William Hirigoyen 5c60fad29c evolinux-users: remove Stretch references in tasks that also apply to next Debian versions.
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2779|6|2773|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/244//ansiblelint">Evolix » ansible-roles » unstable #244</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-26 18:10:45 +02:00
William Hirigoyen 8f4bcccbc3 packweb-apache,nagios-nrpe: add missing task and config fo PHP 8.2 container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2780|10|2770|8|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/243//ansiblelint">Evolix » ansible-roles » unstable #243</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-26 17:43:26 +02:00
Jérémy Lecour a10cff94d0 Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/tag This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2779|4|2775|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/stable/8//ansiblelint">Evolix » ansible-roles » stable #8</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-23 10:49:00 +02:00
Jérémy Lecour 6cd72cf9f4 Release 23.04
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2778|3|2775|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/242//ansiblelint">Evolix » ansible-roles » unstable #242</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-23 10:48:39 +02:00
Jérémy Lecour 42e98791d9 Extract patroni role into its own branch for now
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2778|3|2775|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/241//ansiblelint">Evolix » ansible-roles » unstable #241</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-23 10:31:02 +02:00
Brice Waegeneire e8c7d2c3e3 lxc-php: add support for PHP 8.2 container
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2792|10|2782|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/239//ansiblelint">Evolix » ansible-roles » unstable #239</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-20 11:27:56 +02:00
David Prevot 37e6b14001 listupgrade: Fix removal order
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4832|7|4825|8|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/stable/5//ansiblelint">Evolix » ansible-roles » stable #5</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-18 09:47:03 +02:00
Eric Morino 602bb22984 Add template systemd for patroni
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2788|3|2785|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/238//ansiblelint">Evolix » ansible-roles » unstable #238</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-13 09:55:35 +02:00
William Hirigoyen 0c2e06de33 evocheck: upstream release 23.04.01
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2791|3|2788|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/237//ansiblelint">Evolix » ansible-roles » unstable #237</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-07 11:53:30 +02:00
William Hirigoyen 956e644ac4 evocheck: upstream release 23.04
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2792|3|2789|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/236//ansiblelint">Evolix » ansible-roles » unstable #236</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-07 11:00:13 +02:00
Eric Morino 23b26fa239 changement variable postgresql_hosts
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2792|3|2789|1|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/235//ansiblelint">Evolix » ansible-roles » unstable #235</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-03 17:33:12 +02:00
Eric Morino b7723cfe69 fix bin_dir variable
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2790|4|2786|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/234//ansiblelint">Evolix » ansible-roles » unstable #234</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-03 17:21:14 +02:00
Eric Morino 8ec5c79ca1 Add new role Patroni in CHANGELOG
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2792|20|2772|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/233//ansiblelint">Evolix » ansible-roles » unstable #233</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-04-03 14:45:17 +02:00
Eric Morino 7d75ed1a96 Add key GPG evolix, and fix some bugs 2023-04-03 14:34:03 +02:00
Eric Morino c157450a2c début creation rôle patroni 2023-04-03 14:34:03 +02:00
Alexis Ben Miloud--Josselin ce247dba56 Add role for Graylog
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2776|17|2759|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/232//ansiblelint">Evolix » ansible-roles » unstable #232</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-30 17:58:30 +02:00
Alexis Ben Miloud--Josselin d37f6c0e3f PgBouncer: add handler (restart)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2763|5|2758|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/231//ansiblelint">Evolix » ansible-roles » unstable #231</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-30 13:21:33 +02:00
Ludovic Poujol 34a0dae3e6 generate-ldif: Support for Debian 12
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2763|3|2760|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/230//ansiblelint">Evolix » ansible-roles » unstable #230</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
The script required few changes to adapt to the new output of lscpu & usage of lspci

lscpu
- Multiple Vendor ID fields (CPU & Bios) > We keep the first one tied to the CPU info
- No more CPU Speed displayed for virtual machines. We guess the CPU Speed with the CPU Name (Thanks intel puting it in the CPU Name). But that's not going to work with AMD CPUs. An alternative would be to have a peek at /proc/cpu

lspci
- Remove the "0x" prefix as it seems invalid with lscpi version on Debian 12. On older debian, vendor/device id are accepted with or without the "0x" prefix
2023-03-29 11:41:26 +02:00
Jérémy Lecour a999ac20da fqcn
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2765|8|2757|12|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/229//ansiblelint">Evolix » ansible-roles » unstable #229</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-27 23:36:35 +02:00
Jérémy Lecour 78c70c1d05 mysql: create log directory for stretch and later 2023-03-27 23:36:26 +02:00
Jérémy Lecour 004c85b0ff typo 2023-03-27 23:35:04 +02:00
David Prevot 0ed1fb9f0a evolinux-base: add wrapper task file for backward compatibility
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2769|4|2765|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/228//ansiblelint">Evolix » ansible-roles » unstable #228</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-27 16:13:11 +02:00
David Prevot 09f951de18 listupgrade: No removal (especially of the just installed cron_file) needed
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2769|4|2765|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/227//ansiblelint">Evolix » ansible-roles » unstable #227</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-27 11:21:25 +02:00
David Prevot 47e35f77d2 evoacme: Fix syntax that introduced extra ending space
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2768|3|2765|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/226//ansiblelint">Evolix » ansible-roles » unstable #226</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-27 10:16:57 +02:00
Jérémy Dubois 939b2358a3 openvpn: updated the README file
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2768|6|2762|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/225//ansiblelint">Evolix » ansible-roles » unstable #225</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-22 15:21:58 +01:00
Jérémy Lecour 70c93310f9 Fix ansible-lint violations
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2768|3|2765|12|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/224//ansiblelint">Evolix » ansible-roles » unstable #224</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-20 23:48:40 +01:00
Jérémy Lecour ee21973371 Use FQCN
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |2777|524|2253|2462|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/223//ansiblelint">Evolix » ansible-roles » unstable #223</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
Fully Qualified Collection Name
2023-03-20 23:33:19 +01:00
Jérémy Lecour 7a73df6bd7 Comments on Dell RAID controllers
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4715|5|4710|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/222//ansiblelint">Evolix » ansible-roles » unstable #222</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-20 21:33:49 +01:00
Jérémy Lecour 1d3866e3f0 packweb-apache: include_role instead of import_role
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4714|172|4542|175|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/221//ansiblelint">Evolix » ansible-roles » unstable #221</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-20 15:43:35 +01:00
Jérémy Lecour 247a89e928 syntax 2023-03-20 15:43:35 +01:00
Jérémy Lecour 151e6914a8 mysql: fixes for Debian 12 2023-03-20 15:43:35 +01:00
Jérémy Lecour a0986f034d mongodb: prepare Debian 12 2023-03-20 15:43:35 +01:00
Jérémy Lecour f8f5bec8b5 lxc-php: prepare php82 2023-03-20 15:43:35 +01:00
Jérémy Lecour 1d03e73a62 lxc-php: extract variables 2023-03-20 15:43:35 +01:00
Jérémy Lecour 09d3f606cd lxc-php: lxc dependency is resolved manually 2023-03-20 15:43:34 +01:00
Jérémy Lecour 16aabbe091 fluentd: deb922 sources 2023-03-20 15:43:34 +01:00
Jérémy Lecour efd6e8d6b3 apt: add wrapper tasks files for backward compatibility 2023-03-20 15:43:34 +01:00
Jérémy Lecour 45e8132d07 Install deb822 sources on Debian >=12 2023-03-20 15:43:34 +01:00
Jérémy Lecour f1644ed138 docker: source list for Debian 12 2023-03-20 15:43:34 +01:00
David Prevot 49d8c99328 pub_evolix.asc is also needed in lxc-php
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4717|6|4711|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/220//ansiblelint">Evolix » ansible-roles » unstable #220</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-20 14:56:11 +01:00
Jérémy Lecour 5974f12b82 evolinux-base: fix conditional precedence
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4717|4|4713|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/219//ansiblelint">Evolix » ansible-roles » unstable #219</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-18 18:50:06 +01:00
Jérémy Lecour 958109c3b3 evolinux-base: reorganize ssh section
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4717|90|4627|233|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/218//ansiblelint">Evolix » ansible-roles » unstable #218</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-18 18:40:03 +01:00
Jérémy Lecour 38b106a8f2 evolinux-base: reorganize hardware section 2023-03-18 18:40:03 +01:00
Jérémy Lecour 8f25dfe041 evolinux-base: syntax 2023-03-18 18:40:03 +01:00
Jérémy Lecour 6f61a0744c apt: with Debian, 12 backports are installed but disabled by default 2023-03-18 15:38:05 +01:00
Jérémy Lecour 512b06a513 bookworm-detect: detect also from description
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4860|7|4853|14|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/217//ansiblelint">Evolix » ansible-roles » unstable #217</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-17 22:32:31 +01:00
Jérémy Lecour 9358efedfe apt: fix many stupid mistakes 2023-03-17 22:32:11 +01:00
Jérémy Lecour 367bda528f apt: use deb822 format on Debian 12
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4867|51|4816|17|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/216//ansiblelint">Evolix » ansible-roles » unstable #216</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-17 20:05:45 +01:00
David Prevot 4c4a08f15e apt: Add binary key for our repository (for Jessie or less)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4833|7|4826|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/215//ansiblelint">Evolix » ansible-roles » unstable #215</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-17 13:55:48 +01:00
Jérémy Lecour 7052b7bd1e Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4832|0|4832|0|:zzz: Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
2023-03-16 22:18:04 +01:00
Jérémy Lecour fac45cb64d Release 23.03.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4833|5|4828|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/214//ansiblelint">Evolix » ansible-roles » unstable #214</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 22:17:46 +01:00
Jérémy Lecour edeb5bcfcf minifirewall also fix minifirewall_status
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4833|6|4827|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/213//ansiblelint">Evolix » ansible-roles » unstable #213</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 22:00:36 +01:00
Jérémy Lecour 8bfc4c28bc listupgrade: remove old typo version of the cron task
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4832|6|4826|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/212//ansiblelint">Evolix » ansible-roles » unstable #212</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 21:37:04 +01:00
Jérémy Lecour be03dfcb08 apt: deb822 migration python script is looked relative to shell script 2023-03-16 21:37:04 +01:00
Jérémy Lecour b7dea8d456 minifirewall: support protocols in numeric form 2023-03-16 21:37:04 +01:00
Alexis Ben Miloud--Josselin eae2eed7b0 Add role for PgBouncer
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4831|10|4821|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/211//ansiblelint">Evolix » ansible-roles » unstable #211</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 17:14:16 +01:00
Jérémy Lecour 8e4e77cb8b Merge branch 'unstable' into stable
gitea/ansible-roles/pipeline/head This commit looks good Details
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4826|0|4826|0|:zzz: Details
gitea/ansible-roles/pipeline/tag This commit looks good Details
2023-03-16 14:56:59 +01:00
Jérémy Lecour 65ee8c7e45 Release 23.03
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4826|7|4819|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/210//ansiblelint">Evolix » ansible-roles » unstable #210</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 14:56:39 +01:00
Jérémy Lecour 0e81eab6fa If you want `exit 0`, well… run `exit 0` :D
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4825|2|4823|3|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/209//ansiblelint">Evolix » ansible-roles » unstable #209</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 14:53:53 +01:00
Jérémy Lecour 449103f537 whitespace 2023-03-16 14:46:42 +01:00
Jérémy Lecour 8df930f016 import changelog line
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4826|61|4765|20|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/208//ansiblelint">Evolix » ansible-roles » unstable #208</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 14:38:32 +01:00
Jérémy Lecour 6f96f6b458 Use proper python Boolean 2023-03-16 14:38:32 +01:00
Jérémy Lecour 70d34ac18d listupgrade: upstream release 23.03.3 2023-03-16 14:38:32 +01:00
Jérémy Lecour 50216eb5c7 listupgrade: upstream release 23.03.2 2023-03-16 14:38:32 +01:00
Jérémy Lecour 8d698ec6cb CHANGELOG cleanup 2023-03-16 14:38:29 +01:00
Alexis Ben Miloud--Josselin dc6b340081 changelog: ajouter changements sur kvmstats
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4785|6|4779|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/207//ansiblelint">Evolix » ansible-roles » unstable #207</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-16 14:21:21 +01:00
Jérémy Lecour fa1935e46c apt: add tools to migrate sources to deb822 format
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4783|21|4762|7|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/206//ansiblelint">Evolix » ansible-roles » unstable #206</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-15 22:50:00 +01:00
Jérémy Lecour 96a2bbecdd apt: move-apt-keyrings moved in /usr/share/scripts 2023-03-15 22:49:02 +01:00
David Prevot d6959c9287 Revert "Use bullseye suite even for bookworm"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4769|4|4765|5|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/205//ansiblelint">Evolix » ansible-roles » unstable #205</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
bookworm suite has been enabled on our new repository.

This reverts commit 1fae737ac4.
2023-03-14 13:28:36 +01:00
David Prevot a9ce436b3c listupgrade: tfix
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|4|4766|3|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/204//ansiblelint">Evolix » ansible-roles » unstable #204</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 22:06:01 +01:00
David Prevot cc3fb051b0 Use our new repository for PHP 2023-03-13 22:05:51 +01:00
David Prevot c7940dc8c1 CHANGELOG: tfix
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4769|3|4766|4|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/203//ansiblelint">Evolix » ansible-roles » unstable #203</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 15:12:37 +01:00
William Hirigoyen 419071f470 php: fix error introduced in 33503e4538 (False evaluated as a string instead of boolean)
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|6|4764|5|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/202//ansiblelint">Evolix » ansible-roles » unstable #202</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 15:09:41 +01:00
David Prevot 015a1bfec7 Revert "Use HTTPS for our new repository"
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4769|8|4761|6|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/201//ansiblelint">Evolix » ansible-roles » unstable #201</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
It errors out if ca-certificates is not yet installed

This reverts commit 12a0d8d57e.
2023-03-13 11:59:27 +01:00
David Prevot 12a0d8d57e Use HTTP for our new repository
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4767|6|4761|7|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/200//ansiblelint">Evolix » ansible-roles » unstable #200</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 11:18:33 +01:00
Alexis Ben Miloud--Josselin 03cd475811 userlogrotate_jessie: Corriger condition compression
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4768|4|4764|6|:+1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/198//ansiblelint">Evolix » ansible-roles » unstable #198</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-13 10:22:53 +01:00
Alexis Ben Miloud--Josselin b0d0a7422a userlogrotate: Remplacer «``» par «$()»
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|2|4768|2|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/198//ansiblelint">Evolix » ansible-roles » unstable #198</a> Details
gitea/ansible-roles/pipeline/head There was a failure building this commit Details
2023-03-13 10:21:42 +01:00
Alexis Ben Miloud--Josselin e6199b3592 userlogrotate: Corriger condition compression 2023-03-13 10:15:01 +01:00
Jérémy Lecour b4a63d3d55 listupgrade: upstream release 23.03.1
Ansible Lint |Total|New|Outstanding|Fixed|Trend |:-:|:-:|:-:|:-:|:-: |4770|5|4765|4|:-1: Reference build: <a href="https://jenkins.evolix.org/job/gitea/job/ansible-roles/job/unstable/197//ansiblelint">Evolix » ansible-roles » unstable #197</a> Details
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-12 11:12:56 +01:00
Jérémy Lecour b57fd16ee6 listupgrade: upstream release 23.03 2023-03-12 11:12:56 +01:00
Jérémy Lecour d64193287d postgresql: configure max_connections 2023-03-12 11:12:56 +01:00
William Hirigoyen 3f353ad072 elasticsearch: disable GC logging
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-10 10:29:59 +01:00
William Hirigoyen fc95f57711 elasticsearch: Disable GC rotation for JDK 8 2023-03-10 10:29:59 +01:00
Alexis Ben Miloud--Josselin 058753bcfe kvmstats: Utiliser domstats pour récupérer infos
gitea/ansible-roles/pipeline/head This commit looks good Details
Remplacer les multiples commandes virsh par une seule commande
virsh domstats. La sortie est filtrée par une commande awk.

Certains hyperviseurs ne savent pas lister les informations d’un
volume RBD (Ceph) avec domblkinfo. Il semble que domstats
fonctionne mieux pour ça et peut donner toutes les informations
de toute façon.
2023-03-10 10:07:00 +01:00
Alexis Ben Miloud--Josselin 8b26f2f491 kvmstats: désobfusquer conversion vers html 2023-03-10 10:06:43 +01:00
William Hirigoyen 4759ed645c lxc: copy /etc/profile.d/evolinux.sh from host into container (P10001)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-08 11:09:36 +01:00
William Hirigoyen af569f8c26 userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-03 14:39:16 +01:00
William Hirigoyen 4d3f92df23 postfix: avoid Amavis transport to be considered dead when restarted.
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-02 17:50:17 +01:00
William Hirigoyen 7ec58bf144 userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 17:50:58 +01:00
William Hirigoyen cc7c2a7d4e userlogrotate: fix bug introduced in commit 2e54944a24 (rotated files were not zipped)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 17:22:50 +01:00
William Hirigoyen d9c5563fd6 postfix: remove unused "aliases_scope=sub" from virtual_aliases.cf (it generated warnings)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 14:35:51 +01:00
William Hirigoyen e3e589d132 evocheck: upstream release 23.03.01
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 10:08:57 +01:00
William Hirigoyen 19e6d01a34 evocheck: upstream release 23.03
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-03-01 09:58:24 +01:00
Ludovic Poujol e896459d06 varnish: add variable varnish_update_config to disable configuration update
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-28 15:24:18 +01:00
Jérémy Lecour d366683acc bind: jinja syntax
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-28 10:12:38 +01:00
David Prevot 1d701b060e apt: Use pub.evolix.org instead of pub.evolix.net
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-27 18:11:51 +01:00
Jérémy Lecour c99e71fc6c Add vscode settings
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-27 13:58:25 +01:00
Jérémy Lecour 17946f7280 apt: add move-apt-keyrings script/tasks 2023-02-27 13:58:01 +01:00
Jérémy Lecour b2c215eef0 formatting 2023-02-26 21:32:51 +01:00
Jérémy Lecour 431ffd5991 evolinux-base: subversion is not installed anymore 2023-02-26 21:31:02 +01:00
Eric Morino 68d34c8528 Add changelog for add feature in postfix / apache and php
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-24 15:46:00 +01:00
Eric Morino 8ec159c444 Add task in postfix for packmail and index.hml + vhost directive for mailgraph
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-24 15:41:39 +01:00
Jérémy Lecour 8cbe837147 bind: refactor role
gitea/ansible-roles/pipeline/head This commit looks good Details
* queries log can be enabled or disabled
* split tasks
* check if AppArmor is present
* don't install Munin plugin whose data file is not present
* remove example ACL in authoritative configuration
2023-02-21 19:01:01 +01:00
William Hirigoyen 2c1db6a222 userlogrotate: create role separated from packweb-apache
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-21 17:55:46 +01:00
William Hirigoyen ae5c829373 php: Fix missing variable error introduced in b1a602bf7 2023-02-21 17:47:23 +01:00
William Hirigoyen cd8a812288 bind: fix fail in check mode
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-21 15:14:05 +01:00
Jérémy Lecour 86a3c78a04 yarn: update apt key
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-21 15:09:05 +01:00
Jérémy Lecour 21a4f76330 bind: use systemd module 2023-02-21 15:08:02 +01:00
Alexis Ben Miloud--Josselin 6968128e7c php: fix last commit and update changelog
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-14 16:43:41 +01:00
Alexis Ben Miloud--Josselin d1b2fd8145 php: Fix sury support on Debian 11
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-14 15:49:21 +01:00
Eric Morino 4f5e745310 Add handlers pour php8.2
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-13 10:27:49 +01:00
Alexis Ben Miloud--Josselin 33503e4538 php: Add sury support on Debian 11
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-13 10:09:37 +01:00
William Hirigoyen 32f0561e72 evocheck: upstream release 23.02
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-10 12:32:39 +01:00
William Hirigoyen 7ba743072a evocheck: upstream release 22.12
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-10 11:46:23 +01:00
Ludovic Poujol 49e92d20b0 evolinux-users: Update sudoers template to remove commands allowed without password
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-01 15:23:51 +01:00
Jérémy Lecour 3f0eecc056 minifirewall: upstream release 23.02
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-02-01 13:21:01 +01:00
Jérémy Lecour d3765ada56 nagios-nrpe: old wrapper might be missing 2023-02-01 13:21:01 +01:00
Eric Morino 70be09342b Remove task debug
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-31 17:54:12 +01:00
Eric Morino b1a602bf75 Add php5.6 with Sury on Debian 10
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-31 17:53:31 +01:00
Jérémy Dubois f354f16cd6 openvpn: Change check_openvpn destination file to comply with recent EvoBSD change
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-31 11:13:08 +01:00
Jérémy Lecour 8244bd4615 nagios-nrpe: add tasks/files for a wrapper
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-30 12:05:43 +01:00
William Hirigoyen e0c143d9cf postfix: come back to default value of for pack mails
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-23 15:35:47 +01:00
William Hirigoyen 13f4578599 postfix: Do not notify errors of classes policy, protocol in of main.cf
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-23 15:01:57 +01:00
William Hirigoyen 31e90abe57 fail2ban: add 'Internal login failure' to Dovecot filter
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-23 10:33:10 +01:00
Jérémy Dubois 5120249e59 nagios-nrpe : fix check_vrrpd
gitea/ansible-roles/pipeline/head This commit looks good Details
grep "17" was able to grep "170"
2023-01-18 17:45:06 +01:00
David Prevot 6864f61343 keepalived: Make sure state file is readable
gitea/ansible-roles/pipeline/head This commit looks good Details
The file is created 600 on Bullseye otherwise
2023-01-18 16:49:28 +01:00
William Hirigoyen 8d16f17354 * clamav: set `MaxConnectionQueueLength` to its default value (200), custom (15) was way too small and caused recurrent connections fail in Postfix.
gitea/ansible-roles/pipeline/head This commit looks good Details
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
2023-01-18 10:30:41 +01:00
Jérémy Dubois 0cb751591a nagios-nrpe : Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …)
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-17 11:11:33 +01:00
Ludovic Poujol c27551939d webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-13 11:05:55 +01:00
Ludovic Poujol dcc378776c webapp/nextcloud : Change default data directory to be outside web root 2023-01-13 11:04:32 +01:00
Jérémy Dubois 68017d8db9 openvpn: fix the client cipher configuration to match the server cipher configuration
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-12 14:29:18 +01:00
William Hirigoyen 417734eed2 haproxy: fix missing admin ACL in stats module access permissions
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-11 16:15:09 +01:00
Patrick Marchand 0413f93852 Fix problems with docker-host daemon.json config
gitea/ansible-roles/pipeline/head This commit looks good Details
Docker is very strict with it's json format and doesnt
seem to allow any surprise new lines or extra commas
after the last option before the closing }.

Since this is a dynamically constructed file, we dont know
what the last option will be. By putting the commas at the
start of the line and removing all newspace, we remove
the problem, at the expense of a less readable jinja
template.
2023-01-10 15:16:30 -05:00
Patrick Marchand 08db5a5140 Fix problems with docker-host daemon.json config
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-10 11:26:57 -05:00
Patrick Marchand e5cae4ba78 Fix evoacme jinja syntax problem
gitea/ansible-roles/pipeline/head This commit looks good Details
This problem was introduced by commit 7a0e0d81d6
It made ansible crash when parsing the template.
2023-01-09 14:10:47 -05:00
David Prevot dbef71d791 Drop trailing whitespaces
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-06 09:54:51 +01:00
Patrick Marchand 90ba88e157 Forgot to remove one of the warn: no occurences
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-05 15:06:30 -05:00
William Hirigoyen 4cdf3bb074 postgresql: fix regression introduced in 6c4243f3e in logrotate group
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-04 10:22:43 +01:00
William Hirigoyen 6c4243f3e1 postgresql: logrotate with dateext and right permissions
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-03 10:56:19 +01:00
William Hirigoyen 48e3ced983 elasticsearch : use logrotate for garbage collector logs
gitea/ansible-roles/pipeline/head This commit looks good Details
2023-01-02 17:29:37 +01:00
William Hirigoyen 8401401716 Update CHANGELOG
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-30 10:46:24 +01:00
William Hirigoyen 1a034af944 nagios-nrpe: Print pool config path in check_phpfpm_multi output
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-30 10:45:09 +01:00
Jérémy Lecour 7a0e0d81d6 Proper jinja spacing
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-28 09:03:37 +01:00
Jérémy Lecour 8eae5bba63 Use systemd module instead of command 2022-12-28 09:02:17 +01:00
Ludovic Poujol 0654fb8ced Jenkinsfile > Creating a temp file to collect lint result is not required
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-27 18:43:37 +01:00
Ludovic Poujol 1c66a1a5f3 Jenkinsfile > Use workspace tmp dir
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-27 18:16:52 +01:00
Ludovic Poujol be8c69b4b8 .Jenkinsfile > Add some ansible lint
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-27 16:19:00 +01:00
Ludovic Poujol 8ca237c5f7 fail2ban: Fix indent in tasks/fix-dbpurgeage.yml
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-27 14:47:55 +01:00
Patrick Marchand 0e6c2567e2 Fix presentation error in changelog markdown
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-22 11:35:52 -05:00
Patrick Marchand 5611bb73a2 Remove warning ignores as they are depreciated
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:35:20 -05:00
Patrick Marchand 1c6fdbf85a Remove warning ignores as they are depreciated
gitea/ansible-roles/pipeline/head This commit looks good Details
Will cause a hard fail in ansible 2.14, so better get rid of them now.
There is no alternative, but the ansible warnings for those modules
are not hard failures anyways.
2022-12-22 11:32:32 -05:00
William Hirigoyen 7005344a5b evolinux-base: ensure dbus enabled and started
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-19 17:07:18 +01:00
William Hirigoyen 144c723e87 Revert "evolinux-base: ensure dbus enabled and started"
This reverts commit d8238d04c2.
2022-12-19 17:04:42 +01:00
William Hirigoyen d8238d04c2 evolinux-base: ensure dbus enabled and started
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-19 17:02:10 +01:00
Eric Morino a6cfc0159b Add logrotate for mysql_skip log file
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-16 16:31:43 +01:00
Eric Morino 506e7ff3a3 Add mysql_skip_enabled in main
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-16 16:25:46 +01:00
Eric Morino 2493219270 Add mysql_skip.sh
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-16 16:18:33 +01:00
Eric Morino ab3e648f18 Add variable for fix logging
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-15 14:47:04 +01:00
William Hirigoyen 55a64845ce postfix: add localhost. to mydestination
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-15 11:49:35 +01:00
Bruno Tatu ae94f979a4 Merge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable
gitea/ansible-roles/pipeline/head This commit looks good Details
2022-12-14 17:53:20 +01:00
Bruno Tatu 6aac8933b8 Support dbpurgeage if is a number or a string 2022-12-14 17:53:10 +01:00
697 changed files with 15334 additions and 5585 deletions

View File

@ -6,6 +6,20 @@ pipeline {
}
stages {
stage('Anible Lint') {
agent {
docker {
image 'evolix/ansible-lint:latest'
}
}
steps {
script {
sh 'for role_dir in ./*/; do HOME=$WORKSPACE_TMP ansible-lint -p $role_dir || : ; done'
recordIssues(tools: [ansibleLint()])
}
}
}
stage('Build tagged docker image') {
when {
buildingTag()

1
.gitignore vendored
View File

@ -2,3 +2,4 @@
.kateproject.d
.vagrant/
*.swp
.vscode

4
.markdownlint.json Normal file
View File

@ -0,0 +1,4 @@
{
"MD013": false,
"MD024": false
}

8
.vscode/settings.json vendored Normal file
View File

@ -0,0 +1,8 @@
{
"files.associations": {
"*.yml": "ansible",
"*.yaml": "ansible"
},
"yaml.format.enable": false,
"ansible.python.interpreterPath": "/bin/python"
}

View File

@ -1,4 +1,5 @@
# Changelog
All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).
@ -20,6 +21,310 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Security
## [24.03] 2024-03-01
### Added
* autosysadmin-agent: upstream release 24.03
* autosysadmin-restart_nrpe: add role
* certbot: Renewal hook for NRPE
* kvm-host: add minifirewall rules if DRBD interface is configured
### Changed
* apt: add ftp.evolix.org as recognized system source
* autosysadmin-agent: logs clearing is done weekly
* autosysadmin-agent: rename /usr/share/scripts/autosysadmin/{auto,restart}
* certbot: use pkey to test the key
* evolinux-base: execute autosysadmin-agent and autosysadmin-restart_nrpe roles
* lxc-php, php: Update sury PGP key
* openvpn: earlier alert for CA expiration
* redis: create sysfs config file if missing
### Removed
* autosysadmin: replaced by autosysadmin-agent
## [24.02.1] 2024-02-08
### Fixed
* fail2ban: fix Ansible syntax
## [24.02] 2024-02-08
### Added
* Support for PHP 8.3 with bookworm LXC containers
* apt: add task file to install ELTS repository (default: False)
* autosysadmin: Add a role to automatically deploy autosysadmin on evolixisation
* check_free_space: added role
* etc-git: add /var/chroot-bind/etc/bind repo
* fail2ban: add script unban_ip
* generateldif: new Services for check_pressure_{cpu,io,mem}
* kvm-host: Automatically add an LVM filter when LVM is present
* lxc-php: Allow one to install php83 on Bookworm container
* minifirewall: Fix nagios check for old versions of minifirewall
* mongodb: add gpg key for 7.0
* nagios-nrpe: add check_sentinel for monitoring Redis Sentinel
* nagios-nrpe: new check_pressure_{cpu,io,mem}
* remount-usr: do not try to remount /usr RW if /usr is not a mounted partition
* vrrpd: configure minifirewall
* vrrpd: test if interface exists before deleting it
* webapps/evoadmin-mail: package installed via public.evolix.org/evolix repo starting with Bookworm
* webapps/nextcloud: Add condition for archive tasks
* webapps/nextcloud: Add condition for config tasks
* webapps/nextcloud: Added var nextcloud_user_uid to enforce uid for nextcloud user
* webapps/nextcloud: Set ownership and permissions of data directory
### Changed
* add-vm.sh: allow VM name max length > 20
* amavis: make ldap_suffix mandatory
* apache : fix goaway pattern for bad bots
* apache : rename MaxRequestsPerChild to MaxConnectionsPerChild (new name)
* apache: use backward compatible Redirect directive
* apt: Disable archive repository for Debian 8
* apt: Use the GPG version of the key for Debian 8-9
* bind: Update role for Buster, Bullseye and Bookworm support
* dovecot: add variables for LDAP
* dovecot: Munin plugin conf path is now `/etc/munin/plugin-conf.d/zzz-dovecot` (instead of `z-evolinux-dovecot`)
* evocheck: upstream release 24.01
* evolinux-base: dump-server-state upstream release 23.11
* evolinux-base: use separate default config file for rsyslog
* kvmstats: use .capacity instead of .physical for disk size
* ldap: make ldap_suffix mandatory
* listupgrade : old-kernel-removal.sh upstream release 24.01
* log2mail: move custom config in separate file
* lxc: init /etc git repository in lxc container
* mysql: disable performance schema for Debian 8
* nagios: add dockerd check in nrpe check template
* nagios: cleaning nrpe check template
* nagios: rename var `nagios_nrpe_process_processes` into `nagios_nrpe_processes` and check systemd-timesyncd instead of ntpd in Debian 12
* nagios: add option --full to check pressure IO and mem to avoid flaps
* proftpd: in SFTP vhost, enable SSH keys login, enable ed25549 host key for Debian >= 11
* redis: manage config template inside a block, to allow custom modifications outside
* spamassassin: Use spamd starting with Bookworm
* squid: config directory seems to have changed from /etc/squid3 to /etc/squid in Debian 8
* unbound: Add config file to allow configuration reload on Debian 11 and lower
* unbound: Add munin configuration & setup plugin
* unbound: Big cleanup
* unbound: Move generated config file to `/etc/unbound/unbound.conf.d/evolinux.conf`
* unbound: Use root hints provided by debian package dns-root-data instead of downloading them
* vrrpd: replace switch script with custom one (fix MAC issue, use `ip(8)`, shell cleanup…)
* vrrpd: variable to force update the switch script (default: false)
* webapps/nextcloud: Add Ceph volume to fstab
* webapps/nextcloud: Set home directory's mode
### Fixed
* Add php-fpm82 to LDAP when relevant
* Check stat.exists before stat.isdir
* apache: fix MaxRequestsPerChild value to be sync with wiki.e.o
* apt: use archive.debian.org with Stretch
* certbot: fix hook for dovecot when more than one certificate is used (eg. different certificates for POP3 and IMAP)
* dovecot: add missing LDAP conf iterate_filter to exclude disabled accounts in users list (caused « User no longer exists » errors in commands listing users like « doveadm user -u '*' » or « doveadm expunge -u "*" mailbox INBOX savedbefore 7d »).
* dovecot: fix missing default mails
* dovecot: fix plugin dovecot1
* evoadmin-web: Fix PHP version for Bookworm
* evolinux-base: fix hardware.yml (wrong repo, missing update cache)
* evolinux-base: start to install linux-image-cloud-amd64 with Buster
* fail2ban: fix template marker
* minifirewall: ports 25, 53, 443, 993, 995 not opened publicly by default anymore, ports 20, 21, 110, 143 not opened semi-publicly by default anymore.
* nagios: fix default file to monitor for check_clamav_db
* nginx: add "when: not ansible_check_mode" in various tasks to prevent fail in check mode
* nginx: fix mistake between "check_mode: no" and "when: not ansible_check_mode" (fail in check mode)
* nginx: fix mistake between "check_mode: no" and "when: not ansible_check_mode" (fail in check mode)
* nginx: keep indentation
* nginx: take care of « already defined » and « not yet defined » server status suffix in check mode
* php: Bullseye/Sury > Honor the php_version asked in the pub.evolix.org repository
* php: drop apt_preferences(5) file for sury
* postfix: remove dependency on evolinux_fqdn var
* proftpd: set missing default listen IP for SFTP
* roundcube: set default SMTP port to 25 instead of 587, which failed because of missing SSL conf (local connexion does not need SSL)
* ssl: no not execute haproxy tasks and reload if haproxy is disabled
* unbound: Add a apt cache validity to enforce an apt update if needed
* webapps/nextcloud: added check that nextcloud uid is over 3000
* webapps/nextcloud: fix Add Ceph volume to fstab : missing UUID= in src
* webapps/nextcloud: fix misplaced gid attribute
* webapps/nextcloud: fix missing gid
* webapps/roundcube & evoadminmail: make roles more idempotent (were failing when played twice)
* amavis: Add variables for generate "ldap_suffix"
* proftpd: fix error when no SSH key is provided
### Removed
* evolinux-base: no need to remove update-evobackup-canary from sbin anymore
* evolinux-base: no need to symlink backup-server-state to dump-server-state anymore
## [23.10] 2023-10-14
### Added
* apt: disable `NonFreeFirmware` warning for VM on Debian 12+
* apt: explicit `signed-by` directives for official sources
* bind: add reload-zone helper
* certbot: deploy-hook for proftpd
* docker-host: added var for user namespace setting
* dovecot: add Munin plugins dovecot1 and dovecot_stats (patched)
* dovecot: fix old_stats plugin for Dovecot 2.3
* evocheck: add support for Debian >= 12 split SSH configuration
* evolinux-base: add split SSH configuration for Debian >= 12
* evolinux-base: configure `.bashrc` for all users
* evolinux-base: New variable `evolinux_system_include_ntpd` to chose wether or not to include `ntpd` role
* evolinux-base: reboot the server if the Cloud kernel has been installed
* evolinux-users: add split SSH configuration for Debian >= 12
* evolinux: install HPE Agentless Management Service (amsd)
* fail2ban: add default variable fail2ban_dbpurgeage_default
* fail2ban: add `fail2ban_sshd_port` variable to configure sshd port
* kvm-host: release 23.10 for migrate-vm.sh
* metricbeat/logstash: fix Ansible syntax
* mysql: new munin graph to follow binlog_days over time
* nagios-nrpe: add a NRPE check-local command with completion.
* nagios-nrpe: add a proper monitoring plugin for GlusterFS (on servers, not for clients)
* php: add new variable to disable overriding settings of php-fpm default pool (www)
* policy_pam: New role to manage password policy with `pam_pwquality` & `pam_pwhistory`
* userlogrotate: add a `userlogpurge` script disabled by default
* userlogrotate: new version, with separate conf file
* userlogrotate: rotate also php.log
* java: allow version 17
* timesyncd: new role, used instead of ntpd by default starting with Debian 12
### Changed
* all: change syntax "become: [yes,no]" → "become: [true,false]"
* all: change syntax "force: [yes,no]" → "force: [true,false]"
* elasticsearch: improve networking configuration
* evolinux-base: include files under `sshd_config.d`
* evolinux-users: remove Stretch references in tasks that also apply to next Debian versions
* evomaintenance: upstream release 23.10.1
* lxc-php: change LXC container in bookworm for php82
* minifirewall: update nrpe script to check active configuration
* minifirewall: upstream release 23.07
* mysql: improve shell syntax for mysql_skip script
* nagios-nrpe: set default check_load --per-cpu for BSD
* pgbouncer: minor fixes
* postfix (packmail or when postfix_slow_transport_include is True): change `miniprofmal_backoff_time` from 2h to 15m (see HowtoPostfix)
* postfix (packmail) : optimize Amavis integration
* postfix: disable sending mails via IPv6
* postfix: new spam.sh update script that avoids reloading if files did not change.
* postgresql: fix file `postgresql.pref.j2` for exclude package
* postgresql: fix task `update apt cache` for PGDG repo
* redis: standardize plugins path from `/usr/local/share/munin/` to `/usr/local/lib/munin/plugins/`
* varnish: allow the systemd template to be overridden with a template outside of the role
* lxc: purge openssh-server from container on install
### Fixed
* elasticsearch: comment the `Xlog:gc` line instead of changing it completely
* evocheck: fix IS_SSHALLOWUSERS condition
* evolinux-base, evolinux-users: Fix files mode under `/etc/ssh/sshd_config.d`
* evolinux-base: fix file extension
* fail2ban: fix cron `fail2ban_dbpurge` (should be bash instead of sh)
* lxc-php: fix APT keyring path inside containers
* nagios-nrpe: `check_ssl_local` now has an output that nrpe can understand when it isn't OK
* nagios-nrpe: remount `/usr` **after** installing the packages
* nagios-nrpe: sync Redis check from redis roles
* nginx: set default server directive in default vhost
* opendkim: update apt cache before install
* packweb-apache,nagios-nrpe: add missing task and config for PHP 8.2 container
* postfix: add missing `localhost.$mydomain` to `mydestination`
* redis: replace erroneous `ini_file` module for Munin config, fix dedicated Munin config filename (z-XXX).
* evolinux-base: use lineinfile instead of replace under root task
* evolinux-base: Corriger autorisation pour evolinux_user
* docker-host: Retirer directive state en trop
* rbenv: Installer libyaml-dev
### Removed
* dovecot: remove Munin plugin dovecot (not working)
## [23.04] 2023-04-23
### Added
* graylog: new role
* lxc-php: add support for PHP 8.2 container
### Changed
* Use FQCN (Fully Qualified Collection Name)
* apt: with Debian 12, backports are installed but disabled by default
* openvpn: updated the README file
* pgbouncer: add handler to restart the service
### Fixed
* generate-ldif: Support for Debian 12
## [23.03.1] 2023-03-16
### Added
* pgbouncer: new role
### Changed
* apt: deb822 migration python script is looked relative to shell script
* listupgrade: remove old typo version of the cron task
* minifirewall: support protocols in numeric form
## [23.03] 2023-03-16
### Added
* apache: add task to enable mailgraph on default vhost and index.html
* apt: add move-apt-keyrings script/tasks
* apt: add tools to migrate sources to deb822 format
* fail2ban: add "Internal login failure" to Dovecot filter
* lxc: copy `/etc/profile.d/evolinux.sh` from host into container
* nagios-nrpe: add tasks/files for a wrapper
* nagios-nrpe: Print pool config path in check_phpfpm_multi output
* php: add `php_version` variable when sury is activated for each Debian version
* php: add a way to choose which version to install using sury repository
* postfix: Add task to enable mailgraph on packmail
* postgresql: configure max_connections
* userlogrotate: create dedicated role, separated from packweb-apache
* varnish: add `varnish_update_config` variable to disable configuration update
### Changed
* Use systemd module instead of command
* Removed all `warn: False` args in command, shell and other modules as it's been deprecated and will give a hard fail in ansible-core 2.14.0.
* apt: Use pub.evolix.org instead of pub.evolix.net
* bind: refactor role
* elasticsearch: Disable garabge collector logging (JDK >= 9)
* evolinux-users: Update sudoers template to remove commands allowed without password
* listupgrade: upstream release 23.03.3
* kvmstats: use virsh domstats | awk to get guests informations
* nagios-nrpe : Rewrite `check_vrrpd` for a better check (check `rp_filter`, `vrrpd` and `uvrrpd` compatible, use arguments, …)
* openvpn: Change `check_openvpn` destination file to comply with recent EvoBSD change
* postfix: come back to default value of `notify_classes` for pack mails.
* userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
* webapps/nextcloud : Change default data directory to be outside web root
* webapps/nextcloud : Small enhancement on the vhost template to lock out data dir
* yarn: update apt key
### Fixed
* Proper jinja spacing
* clamav: set `MaxConnectionQueueLength` to its default value (200), custom (15) was way too small and caused recurring failures in Postfix.
* docker-host: fix type in `daemon.json` and remove host configuration that is already in the systemd service by default
* evolinux-base: ensure dbus is started and enabled (not by default in the case of an offline netinst)
* haproxy: fix missing admin ACL in stats module access permissions
* openvpn: fix the client cipher configuration to match the server cipher configuration
* php: fix error introduced in #33503e4538 (`False` evaluated as a String instead of Boolean)
* php: install using Sury repositories on Bullseye
* postfix (packmail only): disable `concurrency_failed_cohort_limit` for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in `minimal_backoff_time` (2h) and `maximal_backoff_time` (6h) to reduce the risk of ban from external SMTPs.
* postfix: avoid Amavis transport to be considered dead when restarted.
* postfix: remove unused `aliases_scope=sub` from virtual_aliases.cf (it generated warnings)
* userlogrotate: fix bug introduced in commit 2e54944a246 (rotated files were not zipped)
* userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
### Removed
* evolinux-base: subversion is not installed anymore
## [22.12] 2022-12-14
### Added
@ -34,6 +339,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* packweb-apache: enable `log_forensic` module
* rabbitmq: add link in default page
* varnish: create special tmp directory for syntax validation
* postfix: add localhost.$mydomain to mydestination
### Changed
@ -73,7 +379,6 @@ The **patch** part changes is incremented if multiple releases happen the same m
* openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
## [22.09] 2022-09-19
### Added
@ -87,7 +392,6 @@ The **patch** part changes is incremented if multiple releases happen the same m
* proftpd: Add options to override configs (and add a warning if file was overriden)
* proftpd: Allow user auth with ssh keys
### Changed
* evocheck: upstream release 22.09
@ -95,7 +399,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* generate-ldif: Support any MariaDB version
* minifirewall: use handlers to restart minifirewall
* openvpn: automate the initialization of the CA and the creation of the server certificate ; use openssl_dhparam module instead of a command
* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
* generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
* openvpn: Run OpenVPN with the \_openvpn user and group instead of nobody which is originally for NFS
* nagios-nrpe: Upgrade check_mongo
@ -213,16 +517,16 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Added
* docker : Introduce new default settings + allow to change the docker data directory
* docker : Introduce new variables to tweak daemon settings
* docker: Introduce new default settings + allow to change the docker data directory
* docker: Introduce new variables to tweak daemon settings
### Changed
* evocheck: upstream release 22.05
* evocheck: Upstream release 22.05
### Removed
* docker : Removed Debian Jessie support
* docker: Removed Debian Jessie support
## [22.05] 2022-05-10
@ -246,7 +550,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* minifirewall: restore "force-restart" and fix "restart-if-needed"
* minifirewall: tail template follows symlinks
* minifirewall: upstream release 22.05
* opendkim : add generate opendkim-genkey in sha256 and key 4096
* opendkim : add generate opendkim-genkey in sha256 and key 4096
* openvpn: use a local copy of files instead of cloning an external git repository
* openvpn: use a subnet topology instead of the net30 default topology
* tomcat: Tomcat 9 by default with Debian 11
@ -609,6 +913,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [10.0.0] - 2020-05-13
### Added
* apache: the default VHost doesn't redirect to https for ".well-known" paths
* apt: added buster backports prerferences
* apt: check if cron is installed before adding a cron job
@ -645,6 +950,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* bind: enable bind9 munin plugin for recursive resolvers
### Changed
* replace version_compare() with version()s
* removed some deprecations for Ansible 2.7
* apache: improve permissions in save_apache_status script
@ -690,6 +996,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* varnish: remove custom ExecReload= script for Debian 10+
### Fixed
* etc-git: fix warnings ansible-lint
* evoadmin-web: Put the php config at the right place for Buster
* lxc: Don't stop the container if it already exists
@ -712,16 +1019,19 @@ The **patch** part changes is incremented if multiple releases happen the same m
* packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
### Removed
* clamav : do not install the zoo package anymore
## [9.10.1] - 2019-06-21
### Changed
* evocheck : update (version 19.06) from upstream
## [9.10.0] - 2019-06-21
### Added
* apache: add server status suffix in VHost (and default site) if missing
* apache: add a variable to customize the server-status host
* apt: add a script to manage packages with "hold" mark
@ -732,6 +1042,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* redmine: enable gzip compression in nginx vhost
### Changed
* evocheck : update (unreleased) from upstream
* evomaintenance : use the web API instead of PG Insert
* fluentd: store gpg key locally
@ -744,23 +1055,26 @@ The **patch** part changes is incremented if multiple releases happen the same m
* apt: Add Debian Buster repositories
### Fixed
* rbenv: add check_mode for check rbenv and ruby versions
* nagios-nrpe: fix redis_instances check when Redis port equal 0
* redmine: fix 500 error on logging
* evolinux-base: Validate sshd config with "-t" instead of "-T"
* evolinux-base: Ensure rename is present
* evolinux-users: Validate sshd config with "-t" instead of "-T"
* nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
* nagios-nrpe: Replace the dummy packages nagios-plugins-*with monitoring-plugins-*
## [9.9.0] - 2019-04-16
### Added
* etc-git: ignore evobackup/.keep-* files
* lxc: /home is mounted in the container by default
* nginx : add "x-frame-options: sameorigin" for Munin
### Changed
* changed remote repository to https://gitea.evolix.org/evolix/ansible-roles
* changed remote repository to <https://gitea.evolix.org/evolix/ansible-roles>
* apt: Ensure jessie-backport from archives.debian.org is accepted
* apt: Remove jessie-update suite as it's no longer exists
* apt: Replace mirror.evolix.org by archives.debian.org for jessie-backport
@ -773,8 +1087,8 @@ The **patch** part changes is incremented if multiple releases happen the same m
* tomcat: better tomcat version management
* webapps/evoadmin-web: add dbadmin.sh to sudoers file
### Fixed
* spamassasin: fix sa-update.sh and ensure service is started and enabled
* tomcat-instance: deploy correct version of config files
* tomcat-instance: deploy correct version of server.xml
@ -782,20 +1096,24 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.8.0] - 2019-01-31
### Added
* filebeat: disable cloud_metadata processor by default
* metricbeat: disable cloud_metadata processor by default
* percona : new role to install Percona repositories and tools
* redis: add variable for configure unixsocketperm
### Changed
* redmine: refactoring of redmine role with use of rbenv
### Fixed
* ntpd: Update the restrictions to follow wiki.evolix.org/HowtoNTP client config
## [9.7.0] - 2019-01-17
### Added
* apache: add Munin configuration for Apache server-status URL
* evomaintenance: database variables must be set or the task fails
* fail2ban: add "ips" tag added to fail2ban/tasks/ip_whitelist.yml
@ -808,6 +1126,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* proftpd: add FTPS and SFTP support
### Changed
* redis: distinction between main and master password
* evocheck: update evocheck.sh for source install
* php: added php-zip in the installed package list for debian 9 (and later)
@ -815,6 +1134,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* java: update Oracle java package to 8u192
### Fixed
* fail2ban: fix "ignoreip" update
* metricbeat: fix username/password replacement
* nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)
@ -823,16 +1143,17 @@ The **patch** part changes is incremented if multiple releases happen the same m
* redis: In instance mode, ensure to replace the nrpe check_redis with the instance check script
* redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account
## [9.6.0] - 2018-12-04
### Added
* evolinux-base: deploy custom motd if template are present
* minifirewall: all variables are configurable (untouched by default)
* minifirewall: main file is configurable
* squid: minifirewall main file is configurable
### Changed
* minifirewall: compare config before/after (for restart condition)
* squid: better replacement in minifirewall config
* evoadmin-mail: complete refactoring, use Debian Package
@ -840,6 +1161,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.5.0] - 2018-11-14
### Added
* apache: separate task to update IP whitelist
* evolinux-base: install man package
* evolinux-users: add newaliases handler
@ -853,11 +1175,13 @@ The **patch** part changes is incremented if multiple releases happen the same m
* mysql: logdir can be customized
### Changed
* evocheck: update script from upstream
* evomaintenance: update script from upstream
* mysql: restart service if systemd unit has been patched
### Fixed
* packweb-apache: mod-security config is already included elsewhere
* redis: for permissions on log and lib directories
* redis: fix shell for instance users
@ -866,13 +1190,16 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.4.2] - 2018-10-12
### Added
* evomaintenance: install dependencies manually when installing vendored version
* nagios-nrpe: add an option to ignore servers in NOLB status
### Changed
* haproxy: move check_haproxy_stats to nagios-nrpe role
### Fixed
* evoacme: better error when apache2ctl fails
* evomaintenance: fix role compatibility with OpenBSD
* spamassassin: add missing right for amavis
@ -881,16 +1208,19 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.4.1] - 2018-09-28
### Added
* redis: set masterauth when redis_password is defined
* evomaintenance: variable to install a vendored version
* evomaintenance: tasks/variables to handle minifirewall restarts
### Changed
* mysql-oracle: better handle packages and users
## [9.4.0] - 2018-09-20
### Added
* etc-git: manage a cron job to monitor uncommited changes in /etc/.git (default: `True`)
* evolinux-base: better shell history
* evolinux-users: add user to /etc/aliases
@ -905,9 +1235,11 @@ The **patch** part changes is incremented if multiple releases happen the same m
* nagios-nrpe: add check_redis_instances
### Changed
* dovecot: stronger TLS configuration
### Fixed
* apache: cleaner way to overwrite the server status suffix
* packweb-apache: don't regenerate phpMyAdmin suffix each time
* nginx: cleaner way to overwrite the server status suffix
@ -916,11 +1248,13 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.3.2] - 2018-09-06
### Added
* minifirewall: add a variable to disable the restart handler
* minifirewall: add a variable to force a restart of the firewall (even with no change)
* minifirewall: improve variables values and documentation
### Changed
* dovecot: enable SSL/TLS by default with snakeoil certificate
### Fixed
@ -930,11 +1264,13 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.3.1] - 2018-08-30
### Added
* metricbeat: new variables to configure elasticsearch hosts and auth
## [9.3.0] - 2018-08-24
### Added
* elasticsearch: tmpdir configuration compatible with 5.x also
* elasticsearch: add http.publish_host variable
* evoacme: disable old certbot cron also in cron.daily
@ -955,6 +1291,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* nagios-nrpe: add check_postgrey
### Changed
* etc-git: some entries of .gitignore are mandatory
* evocheck: update upstream script
* evolinux-base: improve hostname configuration (real vs. internal)
@ -973,6 +1310,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* kvm-host: install kvm-tools package instead of copying add-vm.sh
### Fixed
* apache: logrotate replacement is more subtle/precise. It replaces only the proper directive and not every occurence of the word.
* bind: chroot-bind.sh must not be executed in check mode
* evoacme: fix module detection in apache config
@ -984,12 +1322,14 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.2.0] - 2018-05-16
### Changed
* filebeat: install version 6.x by default
* filebeat: cleanup unused code
* squid: add some domaine and fix broken restrictions
* elasticsearch: defaults to version 6.x
### Fixed
* evolinux-users: secondary groups are comma-separated
* ntpd: fix configuration (server and ACL)
* varnish: don't fork the process on startup with systemd
@ -999,6 +1339,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
### Added
### Changed
* apache: customize logrotate (52 weeks)
* evolinux: groups for SSH configuration are used with Debian 10 and later
* evolinux-base: fail2ban is not enabled by default
@ -1010,9 +1351,11 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.1.8] - 2018-04-16
### Changed
* packweb-apache: use dependencies instead of include_role for apache and php roles
### Fixed
* mysql: use check_mode for apg command (Fix --check)
* mysql/mysql-oracle: properly reload systemd
* packweb-apache: use check_mode for apg command (Fix --check)
@ -1020,6 +1363,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.1.7] - 2018-04-06
### Added
* added a few become attributes where missing
* etc-git: add tags for Ansible
* evolinux-base: install ncurses-term package
@ -1037,6 +1381,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* redmine: added missing tags
### Changed
* elasticsearch: RESTART_ON_UPGRADE is configurable (default: `true`)
* elasticsearch: use ES_TMPDIR variable for custom tmpdir, (from `/etc/default/elasticsearch` instead of changing `/etc/elesticsearch/jvm.options`).
* evolinux-base: Exec the firewall tasks sooner (to avoid dependency issues)
@ -1052,6 +1397,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* webapps/evoadmin-web: Fail if variable evoadmin_contact_email isn't defined
### Fixed
* dovecot: fix support of plus sign
* mysql/mysql-oracle: mysqltuner cron task is executable
* nginx: fix basic auth for default vhost
@ -1060,21 +1406,25 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.1.6] - 2018-02-02
### Added
* mongodb: install python-pymongo for monitoring
* nagios-nrpe: allowed_hosts can be updated
### Changed
* Changelog: explain the versioning scheme
* Changelog: add a release date for 9.1.5
* evoacme: exclude typical certbot directories
### Fixed
* fail2ban: fix horrible typo, Python is not Ruby
* nginx: fix servers status dirname
## [9.1.5] - 2018-01-18
### Added
* There is a changelog!
* redis: configuration variable for protected mode (v3.2+)
* evolinux-users: users are in "adm" group for Debian 9 or later
@ -1086,41 +1436,49 @@ The **patch** part changes is incremented if multiple releases happen the same m
* redmine: ability to install themes and plugins
### Changed
* rbenv: Ruby 2.5 becomes the default version
* evocheck: update upstream version embedded in role (c993244)
* bind: keep 52 weeks of logs
### Fixed
* squid: different logrotate file for Jessie or Stretch+
* evoacme: don't invoke evoacme if no vhost is found
* evomaintenance: explicit quotes in config file
* redmine: force xpath gem < 3.0.0
### Security
* evomaintenance: fix permissions for config file
## [9.1.4] - 2017-12-20
### Added
* php: install php5-intl (for Jessie) and php-intl (for Debian 9 or later)
* mysql: add a check_mysql_slave in nrpe configuration
* ldap: slapd tcp port is configurable
* elasticsearch: broader patterns for log rotation
### Changed
* split IP lists in 2 default and additional for easier customization.
### Fixed
* minifirewall: allow outgoing SSH connections over IPv6
* nodejs: rename source.list file
### Security
* evoadmin-web: change config.local.php file permissions
* evolinux-base: change default_www file permissions
## [9.1.3] 2017-12-08
### Added
* evolinux-base: install traceroute package
* evolinux-base/ntpd: purge openntpd
* tomcat: add Tomcat 8 cmpatibility
@ -1132,6 +1490,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
* elastic: option for stack main version
### Changed
* nginx: rename Let's Encrypt snippet
* nginx: simpler apt preferences for backports
* generate-ldif: add clamd service instead of clamav_db
@ -1143,10 +1502,12 @@ The **patch** part changes is incremented if multiple releases happen the same m
* mongodb: comatible with Stretch
### Removed
* mongodb: logfile/pidfile are not configurable on Jessie
* minifirewall: remove zidane.evolix.net from HTTPSITES
### Fixed
* nginx: fix munin CGI graphs
* ntpd: fix default configuration (localhost only)
* logstash: fix permissions on pipeline configuration
@ -1157,14 +1518,17 @@ The **patch** part changes is incremented if multiple releases happen the same m
## [9.1.2] 2017-12-05
### Fixed
* listupgrade: remount /usr as rw
## [9.1.1] 2017-11-21
### Added
* amazon-ec2: add egress rules
### Fixed
* evoacme: fix multiple bugs
## [9.1.0] 2017-11-19
@ -1172,6 +1536,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
_Warning: huge release, many entries are missing below._
### Added
* amazon-ec2: new role, for EC2 instances creation
* Move /usr rw remount into remount-usr role
* kibana: host and basepath configuration
@ -1182,6 +1547,7 @@ _Warning: huge release, many entries are missing below._
* nagios-nrpe: add opendkim check
### Changed
* Combine evolix and additional trusted IP addresses
* amazon-ec2: split tasks
* apt: don't upgrade by default
@ -1192,6 +1558,7 @@ _Warning: huge release, many entries are missing below._
* ldap: better variables
### Fixed
* fail2ban: create config hierarchy beforehand
* elasticsearch: fix datadir/tmpdir conditions
* elastic: remove double ".list" suffix
@ -1202,10 +1569,10 @@ _Warning: huge release, many entries are missing below._
### Security
## [9.0.1] 2017-10-02
### Added
* haproxy: add a Nagios check
* php: add "sury" mode for PHP 7.1 on Stretch
* minifirewall: explicit dependency on iptables
@ -1213,9 +1580,11 @@ _Warning: huge release, many entries are missing below._
* docker-host: new variable for docker home
### Changed
* php: install php5/php package after fpm/libapache2-mod-php
### Fixed
* mysql: add "REPLICATION CLIENT" privilege for nrpe
* evoadmin-web: revert from variables to keywords in the templates
* evoacme: many fixes

5
amavis/defaults/main.yml Normal file
View File

@ -0,0 +1,5 @@
---
ldap_hostname: "{{ ansible_hostname }}"
ldap_domain: "{{ ansible_domain }}"
ldap_suffix: "dc={{ ldap_hostname }},dc={{ ldap_domain.split('.')[-2] }},dc={{ ldap_domain.split('.')[-1] }}"

View File

@ -0,0 +1,2 @@
#!/bin/bash
find /var/lib/amavis/virusmails/ -type f -mtime +30 -delete

View File

@ -1,5 +1,5 @@
---
- name: restart amavis
service:
ansible.builtin.service:
name: amavis
state: restarted

View File

@ -1,18 +1,27 @@
---
- name: install Amavis
apt:
ansible.builtin.apt:
name:
- postgrey
- amavisd-new
state: present
tags:
- amavis
- amavis
- name: configure Amavis
template:
ansible.builtin.template:
src: amavis.conf.j2
dest: /etc/amavis/conf.d/49-evolinux-defaults
mode: "0644"
notify: restart amavis
tags:
- amavis
- amavis
- name: Install purge custom cron
ansible.builtin.copy:
src: amavis_purge_virusmails
dest: /etc/cron.daily/amavis_purge_virusmails
mode: "0755"
tags:
- amavis
- amavis_purge_cron

View File

@ -44,7 +44,7 @@ $max_servers = 2;
$enable_ldap = 1;
$default_ldap = {
hostname => '127.0.0.1', tls => 0,
base => '{{ ldap_suffix }}', scope => 'sub',
base => '{{ ldap_suffix | mandatory }}', scope => 'sub',
query_filter => '(&(mailacceptinggeneralid=%m)(isActive=TRUE))'
};

View File

@ -9,16 +9,16 @@
aws_region: ca-central-1
tasks:
- include_role:
- ansible.builtin.include_role:
name: evolix/amazon-ec2
tasks_from: setup.yml
- include_role:
- ansible.builtin.include_role:
name: evolix/amazon-ec2
tasks_from: create-instance.yml
- name: Install Evolinux
hosts: launched-instances
become: yes
become: true
vars_files:
- 'vars/secrets.yml'
@ -51,7 +51,7 @@
- mysql
post_tasks:
- include_role:
- ansible.builtin.include_role:
name: evolix/etc-git
tasks_from: commit.yml
vars:

View File

@ -1,36 +1,36 @@
---
- name: Launch new instance(s)
ec2:
amazon.aws.ec2:
state: present
aws_access_key: "{{aws_access_key}}"
aws_secret_key: "{{aws_secret_key}}"
region: "{{aws_region}}"
image: "{{ec2_base_ami}}"
instance_type: "{{ec2_instance_type}}"
count: "{{ec2_instance_count}}"
assign_public_ip: "{{ec2_public_ip}}"
group: "{{ec2_security_group.name}}"
key_name: "{{ec2_keyname}}"
aws_access_key: "{{ aws_access_key }}"
aws_secret_key: "{{ aws_secret_key }}"
region: "{{ aws_region }}"
image: "{{ ec2_base_ami }}"
instance_type: "{{ ec2_instance_type }}"
count: "{{ ec2_instance_count }}"
assign_public_ip: "{{ ec2_public_ip }}"
group: "{{ ec2_security_group.name }}"
key_name: "{{ ec2_keyname }}"
wait: yes
register: ec2
- name: Add newly created instance(s) to inventory
add_host:
hostname: "{{item.public_dns_name}}"
ansible.builtin.add_host:
hostname: "{{ item.public_dns_name }}"
groupname: launched-instances
ansible_user: admin
ansible_ssh_common_args: "-o StrictHostKeyChecking=no"
loop: "{{ec2.instances}}"
loop: "{{ ec2.instances }}"
- debug:
msg: "Your newly created instance is reachable at: {{item.public_dns_name}}"
loop: "{{ec2.instances}}"
- ansible.builtin.debug:
msg: "Your newly created instance is reachable at: {{ item.public_dns_name }}"
loop: "{{ ec2.instances }}"
- name: Wait for SSH to come up on all instances (give up after 2m)
wait_for:
ansible.builtin.wait_for:
state: started
host: "{{item.public_dns_name}}"
host: "{{ item.public_dns_name }}"
port: 22
timeout: 120
loop: "{{ec2.instances}}"
loop: "{{ ec2.instances }}"

View File

@ -1,5 +1,5 @@
---
- name: Remove admin user
user:
ansible.builtin.user:
name: admin
state: absent

View File

@ -1,7 +1,7 @@
---
- name: Create default security group
ec2_group:
amazon.aws.ec2_group:
name: "{{ ec2_security_group.name }}"
state: present
aws_access_key: "{{ aws_access_key }}"
@ -12,7 +12,7 @@
rules_egress: "{{ ec2_security_group.rules_egress }}"
- name: Create key pair
ec2_key:
amazon.aws.ec2_key:
name: "{{ ec2_keyname }}"
state: present
aws_access_key: "{{ aws_access_key }}"

View File

@ -10,7 +10,7 @@ MaxKeepAliveRequests 10
StartServers 50
MinSpareServers 20
MaxSpareServers 30
MaxRequestsPerChild 0
MaxConnectionsPerChild 100
</IfModule>
<IfModule mpm_worker_module>
@ -20,7 +20,7 @@ MaxKeepAliveRequests 10
ThreadLimit 64
ThreadsPerChild 25
MaxRequestWorkers 150
MaxConnectionsPerChild 0
MaxConnectionsPerChild 100
</IfModule>
<IfModule mpm_itk_module>
@ -40,28 +40,25 @@ MaxKeepAliveRequests 10
</IfModule>
</IfModule>
<Directory /home/>
AllowOverride None
Require all granted
# "Require not env XXX" is not supported :(
Deny from env=GoAway
</Directory>
# Go away bad bots (define "bad bots" in zzz-evolinux-custom.conf)
<If "reqenv('GoAway') -eq 1">
Require all denied
</If>
<DirectoryMatch "/\.git">
# We don't want to let the client know a file exist on the server,
# so we return 404 "Not found" instead of 403 "Forbidden".
Redirect 404
Redirect 404 "-"
</DirectoryMatch>
# File names starting with
<FilesMatch "^\.(git|env)">
Redirect 404
Redirect 404 "-"
</FilesMatch>
# File names ending with
<FilesMatch "\.(inc|bak)$">
Redirect 404
Redirect 404 "-"
</FilesMatch>
<LocationMatch "^/evolinux_fpm_status-.*">

View File

@ -1,15 +1,15 @@
---
- name: restart apache
service:
ansible.builtin.service:
name: apache2
state: restarted
- name: reload apache
service:
ansible.builtin.service:
name: apache2
state: reloaded
- name: restart munin-node
service:
ansible.builtin.service:
name: munin-node
state: restarted

View File

@ -1,21 +1,21 @@
---
- name: Init ipaddr_whitelist.conf file
copy:
ansible.builtin.copy:
src: ipaddr_whitelist.conf
dest: /etc/apache2/ipaddr_whitelist.conf
owner: root
group: root
mode: "0640"
force: no
force: false
tags:
- apache
- name: Load IP whitelist task
include: ip_whitelist.yml
ansible.builtin.import_tasks: ip_whitelist.yml
- name: include private IP whitelist for server-status
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/mods-available/status.conf
line: " include /etc/apache2/ipaddr_whitelist.conf"
insertafter: 'SetHandler server-status'
@ -24,19 +24,19 @@
- apache
- name: Copy private_htpasswd
copy:
ansible.builtin.copy:
src: private_htpasswd
dest: /etc/apache2/private_htpasswd
owner: root
group: root
mode: "0640"
force: no
force: false
notify: reload apache
tags:
- apache
- name: add user:pwd to private htpasswd
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: present
@ -46,7 +46,7 @@
- apache
- name: remove user:pwd from private htpasswd
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/private_htpasswd
line: "{{ item }}"
state: absent

View File

@ -1,10 +1,11 @@
---
- name: add IP addresses to private IP whitelist
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: present
create: yes
loop: "{{ apache_ipaddr_whitelist_present }}"
notify: reload apache
tags:
@ -12,7 +13,7 @@
- ips
- name: remove IP addresses from private IP whitelist
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apache2/ipaddr_whitelist.conf
line: "Require ip {{ item }}"
state: absent

View File

@ -1,19 +1,19 @@
---
- name: log2mail is installed
apt:
ansible.builtin.apt:
name: log2mail
state: present
tags:
- apache
- name: Add log2mail config for Apache segfaults
template:
ansible.builtin.template:
src: log2mail-apache.j2
dest: "/etc/log2mail/config/apache"
owner: log2mail
group: adm
mode: "0644"
force: no
force: false
tags:
- apache

View File

@ -1,7 +1,7 @@
---
- name: packages are installed (Debian 9 or later)
apt:
ansible.builtin.apt:
name:
- apache2
- libapache2-mod-evasive
@ -14,7 +14,7 @@
when: ansible_distribution_major_version is version('9', '>=')
- name: itk package is installed if required (Debian 9 or later)
apt:
ansible.builtin.apt:
name:
- libapache2-mpm-itk
state: present
@ -26,7 +26,7 @@
- apache_mpm == "itk"
- name: packages are installed (jessie)
apt:
ansible.builtin.apt:
name:
- apache2-mpm-itk
- libapache2-mod-evasive
@ -39,7 +39,7 @@
when: ansible_distribution_release == "jessie"
- name: basic modules are enabled
apache2_module:
community.general.apache2_module:
name: '{{ item }}'
state: present
loop:
@ -55,7 +55,7 @@
- apache
- name: basic modules are enabled
apache2_module:
community.general.apache2_module:
name: '{{ item }}'
state: present
loop:
@ -67,31 +67,31 @@
- name: Copy Apache defaults config file
copy:
ansible.builtin.copy:
src: evolinux-defaults.conf
dest: "/etc/apache2/conf-available/z-evolinux-defaults.conf"
owner: root
group: root
mode: "0640"
force: yes
force: true
notify: reload apache
tags:
- apache
- name: Copy Apache custom config file
copy:
ansible.builtin.copy:
src: evolinux-custom.conf
dest: "/etc/apache2/conf-available/zzz-evolinux-custom.conf"
owner: root
group: root
mode: "0640"
force: no
force: false
notify: reload apache
tags:
- apache
- name: disable status.conf
file:
ansible.builtin.file:
dest: /etc/apache2/mods-enabled/status.conf
state: absent
notify: reload apache
@ -99,7 +99,8 @@
- apache
- name: Ensure Apache config files are enabled
command: "a2enconf {{ item }}"
ansible.builtin.command:
cmd: "a2enconf {{ item }}"
register: command_result
changed_when: "'Enabling' in command_result.stderr"
loop:
@ -109,37 +110,38 @@
tags:
- apache
- include: auth.yml
- ansible.builtin.include: auth.yml
tags:
- apache
- name: default vhost is installed
template:
ansible.builtin.template:
src: evolinux-default.conf.j2
dest: /etc/apache2/sites-available/000-evolinux-default.conf
mode: "0640"
force: no
force: false
notify: reload apache
tags:
- apache
- name: default vhost is enabled
file:
ansible.builtin.file:
src: /etc/apache2/sites-available/000-evolinux-default.conf
dest: /etc/apache2/sites-enabled/000-default.conf
state: link
force: yes
force: true
notify: reload apache
when: apache_evolinux_default_enabled | bool
tags:
- apache
- include: server_status.yml
- ansible.builtin.include: server_status.yml
tags:
- apache
- name: is umask already present?
command: "grep -E '^umask ' /etc/apache2/envvars"
ansible.builtin.command:
cmd: "grep -E '^umask ' /etc/apache2/envvars"
failed_when: False
changed_when: False
register: envvar_grep_umask
@ -148,7 +150,7 @@
- apache
- name: Add a mark in envvars for umask
blockinfile:
ansible.builtin.blockinfile:
dest: /etc/apache2/envvars
marker: "## {mark} ANSIBLE MANAGED BLOCK"
block: |
@ -159,13 +161,13 @@
tags:
- apache
- include_role:
- ansible.builtin.include_role:
name: evolix/remount-usr
tags:
- apache
- name: /usr/share/scripts exists
file:
ansible.builtin.file:
dest: /usr/share/scripts
mode: "0700"
owner: root
@ -175,16 +177,16 @@
- apache
- name: "Install save_apache_status.sh"
copy:
ansible.builtin.copy:
src: save_apache_status.sh
dest: /usr/share/scripts/save_apache_status.sh
mode: "0755"
force: no
force: false
tags:
- apache
- name: "logrotate: {{ apache_logrotate_frequency }}"
replace:
ansible.builtin.replace:
dest: /etc/logrotate.d/apache2
regexp: "(daily|weekly|monthly)"
replace: "{{ apache_logrotate_frequency }}"
@ -192,19 +194,19 @@
- apache
- name: "logrotate: rotate {{ apache_logrotate_rotate }}"
replace:
ansible.builtin.replace:
dest: /etc/logrotate.d/apache2
regexp: '^(\s+rotate) \d+$'
replace: '\1 {{ apache_logrotate_rotate }}'
tags:
- apache
- include: log2mail.yml
- ansible.builtin.include: log2mail.yml
when: apache_log2mail_include
tags:
- apache
- include: munin.yml
- ansible.builtin.include: munin.yml
when: apache_munin_include | bool
tags:
- apache

View File

@ -1,7 +1,7 @@
---
- name: "Install munin-node and core plugins packages"
apt:
ansible.builtin.apt:
name:
- munin-node
- munin-plugins-core
@ -11,7 +11,7 @@
- munin
- name: "Enable Munin plugins"
file:
ansible.builtin.file:
src: "/usr/share/munin/plugins/{{ item }}"
dest: "/etc/munin/plugins/{{ item }}"
state: link
@ -25,7 +25,7 @@
- munin
- name: "Install fcgi packages for Munin graphs"
apt:
ansible.builtin.apt:
name:
- libapache2-mod-fcgid
- libcgi-fast-perl
@ -36,7 +36,8 @@
- munin
- name: "Enable libapache2-mod-fcgid"
command: a2enmod fcgid
ansible.builtin.command:
cmd: a2enmod fcgid
register: cmd_enable_fcgid
changed_when: "'Module fcgid already enabled' not in cmd_enable_fcgid.stdout"
notify: restart apache
@ -45,7 +46,7 @@
- munin
- name: "Apache has access to /var/log/munin/"
file:
ansible.builtin.file:
path: /var/log/munin/
group: www-data
tags:

View File

@ -1,7 +1,7 @@
---
- name: server status dirname exists
file:
ansible.builtin.file:
dest: "{{ apache_serverstatus_suffix_file | dirname }}"
mode: "0700"
owner: root
@ -9,62 +9,71 @@
state: directory
- name: set apache serverstatus suffix if provided
copy:
ansible.builtin.copy:
dest: "{{ apache_serverstatus_suffix_file }}"
# The last character "\u000A" is a line feed (LF), it's better to keep it
content: "{{ apache_serverstatus_suffix }}\u000A"
force: yes
force: true
when: apache_serverstatus_suffix | length > 0
- name: generate random string for server-status suffix
shell: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
ansible.builtin.shell:
cmd: "apg -a 1 -M N -n 1 > {{ apache_serverstatus_suffix_file }}"
args:
creates: "{{ apache_serverstatus_suffix_file }}"
- name: read apache server status suffix
command: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
ansible.builtin.command:
cmd: "tail -n 1 {{ apache_serverstatus_suffix_file }}"
changed_when: False
check_mode: no
register: new_apache_serverstatus_suffix
- name: overwrite apache_serverstatus_suffix
set_fact:
ansible.builtin.set_fact:
apache_serverstatus_suffix: "{{ new_apache_serverstatus_suffix.stdout }}"
- debug:
- ansible.builtin.debug:
var: apache_serverstatus_suffix
verbosity: 1
- name: replace server-status suffix in default site index
replace:
ansible.builtin.replace:
dest: /var/www/index.html
regexp: '__SERVERSTATUS_SUFFIX__'
replace: "{{ apache_serverstatus_suffix }}"
- name: add server-status suffix in default site index if missing
replace:
ansible.builtin.replace:
dest: /var/www/index.html
regexp: '"/server-status-?"'
replace: '"/server-status-{{ apache_serverstatus_suffix }}"'
- name: add server-status suffix in default VHost
replace:
ansible.builtin.replace:
dest: /etc/apache2/sites-available/000-evolinux-default.conf
regexp: '<Location /server-status-?>'
replace: '<Location /server-status-{{ apache_serverstatus_suffix }}>'
notify: reload apache
- name: Munin configuration has a section for apache
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/munin/plugin-conf.d/munin-node
line: "[apache_*]"
create: no
- name: apache-status URL is configured for Munin
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/munin/plugin-conf.d/munin-node
line: "env.url http://{{ apache_serverstatus_host }}/server-status-{{ apache_serverstatus_suffix }}?auto"
regexp: 'env.url http://[^\\/]+/server-status'
insertafter: "[apache_*]"
create: no
notify: restart munin-node
- name: add mailgraph URL in index.html
ansible.builtin.lineinfile:
dest: /var/www/index.html
state: present
line: ' <li><a href="/mailgraph">Stats Mail</a></li>'
insertbefore: "</ul>"

View File

@ -35,6 +35,15 @@
Include /etc/apache2/ipaddr_whitelist.conf
</Directory>
# Mailgraph configuration
Alias /mailgraph /usr/share/mailgraph
<Directory /usr/share/mailgraph>
DirectoryIndex mailgraph.cgi
Require all granted
Options +FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>
CustomLog /var/log/apache2/access.log vhost_combined
ErrorLog /var/log/apache2/error.log
LogLevel warn
@ -118,6 +127,15 @@
Include /etc/apache2/ipaddr_whitelist.conf
</Location>
# Mailgraph configuration
Alias /mailgraph /usr/share/mailgraph
<Directory /usr/share/mailgraph>
DirectoryIndex mailgraph.cgi
Require all granted
Options +FollowSymLinks +ExecCGI
AddHandler cgi-script .cgi
</Directory>
# BEGIN phpMyAdmin section
# END phpMyAdmin section

View File

@ -8,10 +8,13 @@ apt_upgrade: False
apt_install_basics: True
apt_basics_components: "main"
# With Debian 12+ and the deb822 format of source files
# backports are always installed but enabled according to `apt_install_backports`
apt_install_backports: False
apt_backports_components: "main"
apt_install_evolix_public: True
apt_install_extended_lts: False
apt_clean_gandi_sourceslist: False
@ -26,4 +29,4 @@ apt_check_hold_cron_weekday: "*"
apt_check_hold_cron_day: "*"
apt_check_hold_cron_month: "*"
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"
apt_keyring_dir: "{{ ansible_distribution_major_version is version('12', '<') | ternary('/etc/apt/trusted.gpg.d', '/etc/apt/keyrings') }}"

View File

@ -1,3 +0,0 @@
Package: *
Pin: release a=bullseye-backports
Pin-Priority: 50

View File

@ -1,3 +0,0 @@
Package: *
Pin: release a=buster-backports
Pin-Priority: 50

168
apt/files/deb822-migration.py Executable file
View File

@ -0,0 +1,168 @@
#!/usr/bin/env python3
##########
# This script takes a multi-lines input of "oneliner-style" APT sources definitions.
# It converts them into "deb822-style" sources.
# Each generated file will have only one stanza, possibly with multiple Types/Suites/Components
##########
import re
import sys
import os
import select
import apt
import apt_pkg
# Order matters !
destinations = {
"debian-security": "security.sources",
".*-backports": "backports.sources",
".debian.org": "system.sources",
"mirror.evolix.org": "system.sources",
"ftp.evolix.org": "system.sources",
"pub.evolix.net": "evolix_public_old.sources.bak",
"pub.evolix.org": "evolix_public.sources",
"artifacts.elastic.co": "elastic.sources",
"download.docker.com": "docker.sources",
"downloads.linux.hpe.com": "hp.sources",
"pkg.jenkins-ci.org": "jenkins.sources",
"packages.sury.org": "sury.sources",
"repo.mongodb.org": "mongodb.sources",
"apt.newrelic.com": "newrelic.sources",
"deb.nodesource.com": "nodesource.sources",
"dl.yarnpkg.com": "yarn.sources",
"apt.postgresql.org": "postgresql.sources",
"packages.microsoft.com/repos/vscode": "microsoft-vscode.sources",
"packages.microsoft.com/repos/ms-teams": "microsoft-teams.sources",
"updates.signal.org": "signal.sources",
"downloads.1password.com/linux/debian": "1password.sources",
"download.virtualbox.org": "virtualbox.sources"
}
sources_parts = apt_pkg.config.find_dir('Dir::Etc::sourceparts')
def split_options(raw):
table = str.maketrans({
"[": None,
"]": None
})
options = raw.translate(table).split(' ')
return options
def auto_destination(uri):
basename = uri
basename = re.sub('\[[^\]]+\]', '', basename)
basename = re.sub('\w+://', '', basename)
basename = '_'.join(re.sub('[^a-zA-Z0-9]', ' ', basename).split())
return '%s.sources' % basename
def destination(matches):
for search_str in destinations.keys():
search_pattern = re.compile(f'{search_str}(/|\s|$)')
if re.search(search_pattern, matches['uri']) or re.search(search_pattern, matches["suite"]):
return destinations[search_str]
# fallback if nothing matches
return auto_destination(matches['uri'])
def prepare_sources(lines):
sources = {}
pattern = re.compile('^(?: *(?P<type>deb|deb-src)) +(?P<options>\[.+\] ?)*(?P<uri>\w+:\/\/\S+) +(?P<suite>\S+)(?: +(?P<components>.*))?$')
for line in lines:
matches = re.match(pattern, line)
if matches is not None:
dest = destination(matches)
options = {}
if matches.group('options'):
for option in split_options(matches['options']):
if "=" in option:
key, value = option.split("=")
options[key] = value
### WARNING ###
# if there are multiple lines with different URIS for a given destination (eg. "system")
# each one will overwrite the previous one
# and the last evaluated will be what remains.
if dest in sources:
sources[dest]["Types"].add(matches["type"])
sources[dest]["URIs"] = matches["uri"]
sources[dest]["Suites"].add(matches["suite"])
sources[dest]["Components"].update(matches["components"].split(' '))
else:
source = {
"Types": {matches['type']},
"URIs": matches['uri'],
"Enabled": "yes",
}
if matches.group('suite'):
source["Suites"] = set(matches['suite'].split(' '))
if matches.group('components'):
source["Components"] = set(matches['components'].split(' '))
if "arch" in options:
if "Architectures" in source:
source["Architectures"].append(options["arch"])
else:
source["Architectures"] = {options["arch"]}
if "signed-by" in options:
if "Signed-by" in source:
source["Signed-by"].append(options["signed-by"])
else:
source["Signed-by"] = {options["signed-by"]}
if "lang" in options:
if "Languages" in source:
source["Languages"].append(options["lang"])
else:
source["Languages"] = {options["lang"]}
if "target" in options:
if "Targets" in source:
source["Targets"].append(options["target"])
else:
source["Targets"] = {options["target"]}
sources[dest] = source
return sources
def save_sources(sources, output_dir):
# print(output_dir)
# print(sources)
for dest, source in sources.items():
source_path = output_dir + dest
with open(source_path, 'w') as file:
for key, value in source.items():
if isinstance(value, str):
file.write("{}: {}\n".format(key, value))
else:
file.write("{}: {}\n".format(key, ' '.join(value)))
def main():
if select.select([sys.stdin, ], [], [], 0.0)[0]:
sources = prepare_sources(sys.stdin)
# elif len(sys.argv) > 1:
# sources = prepare_sources([sys.argv[1]])
else:
print("You must provide source lines to stdin", file=sys.stderr)
sys.exit(1)
output_dir = apt_pkg.config.find_dir('Dir::Etc::sourceparts')
save_sources(sources, output_dir)
if __name__ == "__main__":
main()
sys.exit(0)

55
apt/files/deb822-migration.sh Executable file
View File

@ -0,0 +1,55 @@
#!/bin/sh
##########
# This script changes all "one-line" APT sources into "deb822" sources.
# It is responsible for searching and processing the files.
# The actual format migration is done by a python script.
##########
deb822_migrate_script=$(command -v deb822-migration.py)
if [ -z "${deb822_migrate_script}" ]; then
deb822_migrate_script="$(dirname "$0")/deb822-migration.py"
fi
if [ ! -x "${deb822_migrate_script}" ]; then
>&2 echo "ERROR: '${deb822_migrate_script}' not found or not executable"
exit 1
fi
sources_from_file() {
grep --extended-regexp "^\s*(deb|deb-src) " $1
}
rc=0
count=0
if [ -f /etc/apt/sources.list ]; then
sources_from_file /etc/apt/sources.list | ${deb822_migrate_script}
python_rc=$?
if [ ${python_rc} -eq 0 ]; then
mv /etc/apt/sources.list /etc/apt/sources.list.bak
echo "OK: /etc/apt/sources.list"
count=$(( count + 1 ))
else
>&2 echo "ERROR: failed migration for /etc/apt/sources.list"
rc=1
fi
fi
for file in $(find /etc/apt/sources.list.d -mindepth 1 -maxdepth 1 -type f -name '*.list'); do
sources_from_file "${file}" | ${deb822_migrate_script}
python_rc=$?
if [ ${python_rc} -eq 0 ]; then
mv "${file}" "${file}.bak"
echo "OK: ${file}"
count=$(( count + 1 ))
else
>&2 echo "ERROR: failed migration for ${file}"
rc=1
fi
done
echo "${count} file(s) migrated"
exit ${rc}

Binary file not shown.

View File

@ -1,3 +0,0 @@
Package: *
Pin: release a=jessie-backports
Pin-Priority: 50

View File

@ -0,0 +1,32 @@
#!/bin/sh
# Move apt repository key from /etc/apt/trusted.gpg.d/ to /etc/apt/keyrings/ and add "signed-by" tag in source list
#
# Example: move-apt-keyrings.sh http://repo.mongodb.org/apt/debian mongodb-server-[0-9\\.]+.asc
repository_pattern=$1
key=$2
found_files=$(grep --files-with-matches --recursive --extended-regexp "${repository_pattern}" "/etc/apt/sources.list.d/*.list")
old_key_file="/etc/apt/trusted.gpg.d/${key}"
new_key_file="/etc/apt/keyrings/${key}"
for file in ${found_files}; do
if ! grep --quiet "signed-by" "${file}"; then
signed_by="signed-by=${new_key_file}"
if grep --quiet "deb(-src)? \[" "${file}"; then
sed -i "s@deb\(-src\)\? \[\([^]]\+\)\]@deb\1 [\2 ${signed_by}]@" "${file}"
else
sed -i "s@deb\(-src\)\? @deb\1 [${signed_by}] @" "${file}"
fi
fi
done
if [ -f "${old_key_file}" ] && [ ! -f "${new_key_file}" ]; then
mv "${old_key_file}" "${new_key_file}"
fi
if [ -f "${new_key_file}" ]; then
chmod 644 "${new_key_file}"
chown root: "${new_key_file}"
fi

87
apt/files/pub_evolix.asc Normal file
View File

@ -0,0 +1,87 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGOsRdcBEADDPJ8Tsqr5Z4crmQlNQM32hfufe7gTUrXo0cAL8clt92y1QX3N
YyMv0Re4+Ugo7JZd4jsF2Q1twJMxsX5rA12xDnHHcZRSc/E0DIYvPnfLzEHkwseN
OK4f9lI+xo06k+B3KQQKMeI/RjVaN6AiSply9ZGaZVeGGqd4es4PsU1VQMTWdclV
Bn54HBWUnL5dPStPMnNkt0bMQYIqc5733Yby3qMiUKcql2bl9TYBw8SaJXvClsLw
ERqit6FjljUOEeWtB4WZFpjhc/aqcxGcUTPHRrNTlNF0HCvk8JicEu4/lr99pwy7
7z6SRql++WGMSG06E4MBtUt+wWAmDDHNj3fdZPnoCaDFp7vxy/FEARB2aygTtu11
mLk4XOKheqU/WibWxoXRzyUCuclJ247Fh+YPxkYVG1dnDwpWGbYuRmzUapGLv4ma
dnKsQN0KhXzUqkSoybBgV208dGOP7BqdY6TVnyU0v/7XDeUqFEwnllRKMSYLilV3
huTifiCFTK45HACM/x2yckx8dyAuYg6cJaAR1yn1iaTexoyYPG9ZFifvMB6ranEm
vkmQq1e8/7xiNSQsh5F3Ybl5hh4GVLwsR6esfZsHG0Ve+CitsmcZgWnr0JJ2PZOk
+XHxMwo7Gb0/KVH9XGeoXk+eiNNW/kdcgBMkGkU3nWooVHDm7Dy54I5CzQARAQAB
tC9Fdm9saXggUHVibGljIFJlcG9zaXRvcnkgPGVxdWlwZStwdWJAZXZvbGl4LmZy
PokCVAQTAQoAPhYhBP+vfRvzUK1F+rMpCUaPWta4YwY9BQJjrEXXAhsDBQkHhM4A
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEEaPWta4YwY9V6oP/iYfZceiA1Sy
x9t/7CL3EReuvpdZtZYf2KklBfxEFtzkERV/KKMMpf8mKoGD6BA+ryUc7b4a8npq
yvKbSKDHGZW6gAbq8hneW71vRuNfPNqtfO98JbJO694nqX9sIYU2xQn0UIh0G6N7
D2bOcaicn8AgV/8cQZfgN9yRM4VhCoWZwhLqgROUqMYfDn3szamfkPcFiw10ToVt
c2PIFdqj2soKO9OrF5Ct/pztSGy1f+orDFiJ0AtRlqqRk9z18VB893qspfyd6y9N
q7IrQbYsiP+D8DcXYWZA1KURsI4LVQwsudNXokvGkYdnZitVgXI2lIaY7odDou5F
btZsCIEa45m7Vmvu0Wvtu/90EFbu9iwbOVrNpC7lLnfJpDObVXMiY1r0rQVuweEZ
ZbBcv1NUa3R0SPsPLPKf7L6dCx8gCpZjDVJLsgBeeSEV7XFQiYDbl8THasNTKCOa
C6v4h00mg0H6GhZvGMx+lcx8TzW6l3XXRoptHl4vkdE5usLFjy8/JWG3yJ7e2W3D
jVbPQ0UKJAnkGn1t+UJB1GP9O4annks0nPfcomjZzaDweIL8zSLPy5R9DGNgYLjp
5h/baLoNAOkaKssZrusq/P+BM2tdr3i/N6TK+dbrffz3hNgzSFFYVg51DspV7XWo
JKGqhqCgQpkms+NPJiKr4NDs6DdXn0IKuQINBGOsRdcBEAC9i5qcrYLTfeGrWPo3
Zok3jikNk181HC3HR7Wu8a5whCe/88GgJDY00sU2zZEF9hN/4Vtqq9FICVXUcs+F
5j+Gcb/sqAgwXuwk8LKuhbtR2cnz6I0GCsqNPuj+5uM7MXQlVWeIN5Z6zA/Jw++o
aENZHO6cnuep2KDNPUZzjmTHAa4+qXRL5cRXEOmMB1vtA8mm/43c7wicJ7MrZpba
mqzmiQPsQ2qfmCABfx8BwBgXCVON4sgtzCa+rYOPScsDtv0pv6uG+h/GJp4MdKBp
g3BfShQEAmOwwy3Pt2vo9Rw2s0uJJ9AM2O6tJ3x93YkUP5qj3Etr/eTcgVUiVvSs
h2Rrz2FLen3GMAcqUUDPViCy9nEWRAo7iWQgAKgr8WjeGerOmtsYPyjIQE47eX5M
Gomx0LVCGigYfkSAFIYzm5I+depmn1qTUyizfklvPr0bA/8Cs4zbqx6Pf6Rk5wvb
sJ4envk3dzQRNTH1Vt7Yoktyx1+VX0HFVEaPTQ3JlFORaHYwQQ97LaOZ0VmztE0A
5+CIFFdqp/0H7zGPol+LsPgqnzZZEQ2XFYPOy7/gB17zI2eWNWPAQmOdrUM/v12A
etnLEthZyALcjjBpJEVIHFnuaabYp+mdotycjDkBNSh+P+8H/UsMSrNVhheKQLB8
smzwFcSrAcnQbtiCjFWANTWyKQARAQABiQI8BBgBCgAmFiEE/699G/NQrUX6sykJ
Ro9a1rhjBj0FAmOsRdcCGwwFCQeEzgAACgkQRo9a1rhjBj0FZw//fNhJdx55ACvX
mpa8wz6eZOvzhr5GWSW5/Qie9nRjInPPI3bJ/jU0S/4ENqFBD9RSvY5F+0xCU67F
V2R3a3FFcB81HLIcUrkN0GH6fLcex0Js+grq/U117e2umdfGMKQG0UFJ+XonhtlT
foBcBjXPFr2NUaJB2SPo/RPQ3U+N3wMSm0ZbB/Xvxi5qMEb971dfObvsXTkQZvn7
b0TvccfHhyzs2IM8pZO3PamTwA5e16/2QqisRX4CeL0a/q3Yxfw4R8RPCrz/l0k5
FPdbdXaQuk5s+CiV+Nse7yFGoEoSlLpJM2BpueBsIg92joyOstZRm+tuCb5QefWI
7yFPfJU6xG1CMDqIGjXNU1tzSIoReGUBCNrE9UgzBQPPVD0jNM1WdW6HWSVR7jBb
+dvAeJNzQjJYlvKLQ383mAiVcwmCWBUp+R/kBPlLMGEpLlspti5fkmEc8xvtCaHc
fCLVWd0r2lUFUz+W53r8IXaRcxLtFinz7SHZPrlhaVwErdtlo+5X3kq39Mc4KCmF
bevT+qxlgzHXof+WGTYoc9IHkhDrvZ/TWeAUnBPvVn88dsBRtOC9f5wSCK4r9SfR
Dnf0lAsLWMpNtt812W8sA82RGXRUBwonZKa7YoGNKSa2vPJcUgmpIiHNtoLWpNa+
7pYGN7bV51zyQ1ERaLU5TBC9sPE70p25Ag0EY6xJaQEQAKsxFCb4Vxe8VuUEAKp/
RSRNGX/v9KqXVwbnf3kTYq9FMoplZBeqj4LQ22BqRzZ74ywoyfvHHtvkAtCbmrlc
8iLQEmicLug3Ibk97qm1lvvHnK9fqFOWh+Tx/omlaiSzEfAFbLEjNcplmq1ooqmX
fkI9zcefLZHtUFx6Clw3rwp79d/V5XJDM+2jwB47HfIhrW6jEubUuaXIHNR/GSSd
gTYuw55g9K97LhONX6ZvSBhjp4pOeUUbtFuG1fRkjPiObsB54fJ2R32yfm4jV53/
YgG/Ih/o97tKV+ishQIrr85SB3XiLFlGhQuu/0a/+/vfGVTbJOzrQrE+OCWt9Xm1
4b91MiVSSzXy6TGzPvpNXYR2PQZzVwvz7UctCikaE4gGB0lSH0LemDD0LZIZUwBL
1G9mlwFTkMYK0+iMyHFOKeAlUnSSpO6hFYr4GHOxAMGTjHqqEJZ3lBi9SBPc7AEK
3NcEp4etuiLOeaSBtqmUs+y7g8yMTrnyWPVxa0l5q4OUitbb2qvWYbaD3O22xYyj
9BlqzpG9uO6/d8HefDK8XMNCHlmwFoJj3HJlHJg7oN029vYsXEwBIhFyolAPzIvB
jpLKcebq9DJSObs1nHjAyVUpL4ZzRmujFcJYDYSixiqaWc/1aGTgUZQ/JDXcODiC
LgFu1vLTRf6hwKSb/vnZP5OtABEBAAGJBHIEGAEKACYWIQT/r30b81CtRfqzKQlG
j1rWuGMGPQUCY6xJaQIbAgUJA8JnAAJACRBGj1rWuGMGPcF0IAQZAQoAHRYhBA7H
BbTwXPF0hLMgRYefxhvnjx3ABQJjrElpAAoJEIefxhvnjx3ANpUQAIFLkLcx2z3M
jV0SgoAYertib9T/OOy/rsfeQjE6DFk6IArrHolZPA9g/PpTPuRwK165n5xw483q
BMyssUT9IK7SZxt0gbKpvZ0HFSCwSp5wdSJZymwB4AOcgRBU5rwC/9fFxYihgIym
Ig7TH9aWW4hDbEuGJDrKbhK+DpIL7lK3A5WUZk9ltGOpCcFctV3YnVgbMIwX5gO6
lZ5Zi6NHJEB3HauVZJ59NIPJ/f0xe5GMte/LXckyijs9ei4WOFOjstiW64EWkOBH
El0tj+LUxLznCP2szdXjkDN1P6/NDrY1Nid6/ECOfkh4xO/VHhkdSRAlhdP9FHiV
sy3KUUoPH5B805z1MyOI7UYUD/8CK0juIXcbw7isbVUmLf/VV8jEDmq3WWDj8YZp
IStn2AvQeo3VWGWUfkf3v7UthKandIUTIGc5isD+i6KvzzbggyyZWNtvb3/1wMrz
DUKGlFi/IjMhhElJ0oF3YGsBwz2V2UKP7pPIYo+f5zthc7SbmO9yxAQebEOc3prM
G/Br8JOZ90w1dy6CeIYxkM4YEhhG1K8CzD3ZTTI7vh8mwRc92A6HI2NFyxeYJCr0
IsUcFQpCyXMtcLRN75DGLIjIKdYrYJuwSiUgcH5FtgkuxMYfJEX9UX8rV7HAxUvs
UdIyHLl7k+khGlZa0/W6uCioFNiygnBEp7oP/iSj4Q2Xh5yKI6Jjw/IsfRcsiaac
lHc7uF0caYGMkqRNHiX17d5EtaidTbiqQii1W9slSPXmUuUcKfD1xUfLng7TbZVm
AdEbpHCT+q037cGCYFpHPMvw3OYhhGzYeh3+1oN9t3ZvyGlvAhkrtssDQB+gxX8r
adCpihziFLjm+6IvCLYHEh3gILVFbbhdYDDUduFFjf/snlJW7j8OVc7Cxa7FbPdf
SHLT9VESzf7oiwkP5/ijGmHiEQoJd9EWYkGGz+LZAXemBwe5ZnPPWVZvDEQRMe8v
2V8pa37vyReaK//O8xxGg3NzGTn9otwVr/4Ti9OxrSzmDWpd967oZ42IZSeSY2bz
kOaV8z4C8AIgIA7vWOS83Hncbrgf2nMCXmRjf0KTMm1P7Z0BQDWpxK9lP0nRpVAg
2T3/OjJ9KcAsTz02NFC3/kOUz//NcfDP747HsQB0sltIty140B7CfcWk0a0eKSad
OxGUehskjyKhO6v3dYF+8oR9p98Q8/Rh8r7evYy2mfhgJd7a9Cchn7612Y6k1SLf
nmPGYu3s0lf/k6GoHLfXXQIJDgWeua4ZBr6cgpGONLSvWBeCVaqnk8nhbNIiSBHk
jnrcX8xAtoPLgqg0+yi7rZ3NAauZcQE6UaNB+xjJxDOIpgVLUWtFyAG4MDeIh6GH
oA9QflpnDubMnCve
=ZCml
-----END PGP PUBLIC KEY BLOCK-----

BIN
apt/files/pub_evolix.gpg Normal file

Binary file not shown.

View File

@ -1,3 +0,0 @@
Package: *
Pin: release a=stretch-backports
Pin-Priority: 50

View File

@ -0,0 +1,18 @@
---
- name: Backports deb822 sources list is installed
ansible.builtin.template:
src: '{{ ansible_distribution_release }}_backports.sources.j2'
dest: /etc/apt/sources.list.d/backports.sources
force: true
mode: "0640"
register: apt_backports_sources
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
when: apt_backports_sources is changed
tags:
- apt

View File

@ -0,0 +1,35 @@
---
- name: No backports config in default sources.list
ansible.builtin.lineinfile:
dest: /etc/apt/sources.list
regexp: "backports"
state: absent
tags:
- apt
- name: Backports sources list is installed
ansible.builtin.template:
src: '{{ ansible_distribution_release }}_backports.list.j2'
dest: /etc/apt/sources.list.d/backports.list
force: true
mode: "0640"
register: apt_backports_list
tags:
- apt
- name: Archived backport are accepted (jessie)
ansible.builtin.lineinfile:
dest: '/etc/apt/apt.conf.d/99no-check-valid-until'
line: 'Acquire::Check-Valid-Until no;'
create: yes
state: present
tags:
- apt
when: ansible_distribution_release == "jessie"
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_backports_list is changed

View File

@ -1,45 +1,13 @@
---
- name: No backports config in default sources.list
lineinfile:
dest: /etc/apt/sources.list
regexp: "backports"
state: absent
tags:
- apt
- name: Backports sources list is installed
template:
src: '{{ ansible_distribution_release }}_backports.list.j2'
dest: /etc/apt/sources.list.d/backports.list
force: yes
mode: "0640"
register: apt_backports_list
tags:
- apt
# Backward compatibility task file
- name: Backports configuration
copy:
src: '{{ ansible_distribution_release }}_backports_preferences'
dest: /etc/apt/preferences.d/0-backports-defaults
force: yes
mode: "0640"
register: apt_backports_config
tags:
- apt
- name: Install backports repositories (Debian <12)
ansible.builtin.import_tasks: backports.oneline.yml
when:
- ansible_distribution_major_version is version('12', '<')
- name: Archived backport are accepted (jessie)
lineinfile:
dest: '/etc/apt/apt.conf.d/99no-check-valid-until'
line: 'Acquire::Check-Valid-Until no;'
create: yes
state: present
when: ansible_distribution_release == "jessie"
tags:
- apt
- name: Apt update
apt:
update_cache: yes
when: apt_backports_list is changed or apt_backports_config is changed
tags:
- apt
- name: Install backports repositories (Debian >=12)
ansible.builtin.import_tasks: backports.deb822.yml
when:
- ansible_distribution_major_version is version('12', '>=')

View File

@ -0,0 +1,45 @@
---
- name: Change basics repositories
ansible.builtin.template:
src: "{{ ansible_distribution_release }}_basics.sources.j2"
dest: /etc/apt/sources.list.d/system.sources
mode: "0644"
force: true
register: apt_basic_sources
tags:
- apt
- name: Change security repositories
ansible.builtin.template:
src: "{{ ansible_distribution_release }}_security.sources.j2"
dest: /etc/apt/sources.list.d/security.sources
mode: "0644"
force: true
register: apt_security_sources
tags:
- apt
- name: Find one-line APT sources
ansible.builtin.find:
paths: /etc/apt
patterns: '*.list'
register: list_files
- name: Disable one-line-formatted sources
ansible.builtin.command:
cmd: "mv --verbose {{ item.path }} {{ item.path }}.bak"
environment:
LC_ALL: C
loop: "{{ list_files.files }}"
register: rename_cmd
changed_when: "'renamed' in rename_cmd.stdout"
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_basic_list is changed or apt_security_sources is changed

View File

@ -0,0 +1,18 @@
---
- name: Change basics repositories
ansible.builtin.template:
src: "{{ ansible_distribution_release }}_basics.list.j2"
dest: /etc/apt/sources.list
mode: "0644"
force: true
register: apt_basic_list
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_basic_list is changed

View File

@ -1,33 +1,13 @@
---
- name: Change basics repositories
template:
src: "{{ ansible_distribution_release }}_basics.list.j2"
dest: /etc/apt/sources.list
mode: "0644"
force: yes
register: apt_basic_list
tags:
- apt
# Backward compatibility task file
- name: Clean GANDI sources.list.d/debian-security.list
file:
path: '{{ item }}'
state: absent
loop:
- /etc/apt/sources.list.d/debian-security.list
- /etc/apt/sources.list.d/debian-jessie.list
- /etc/apt/sources.list.d/debian-stretch.list
- /etc/apt/sources.list.d/debian-buster.list
- /etc/apt/sources.list.d/debian-bullseye.list
- /etc/apt/sources.list.d/debian-update.list
when: apt_clean_gandi_sourceslist | bool
tags:
- apt
- name: Install basics repositories (Debian <12)
ansible.builtin.import_tasks: basics.oneline.yml
when:
- ansible_distribution_major_version is version('12', '<')
- name: Apt update
apt:
update_cache: yes
when: apt_basic_list is changed
tags:
- apt
- name: Install basics repositories (Debian >=12)
ansible.builtin.import_tasks: basics.deb822.yml
when:
- ansible_distribution_major_version is version('12', '>=')

View File

@ -1,7 +1,7 @@
---
- name: Evolinux config for APT
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apt/apt.conf.d/z-evolinux.conf
line: "{{ item.line }}"
regexp: "{{ item.regexp }}"
@ -12,12 +12,12 @@
- { line: "APT::Install-Recommends \"false\";", regexp: 'APT::Install-Recommends' }
- { line: "APT::Install-Suggests \"false\";", regexp: 'APT::Install-Suggests' }
- { line: "APT::Periodic::Enable \"0\";", regexp: 'APT::Periodic::Enable' }
when: apt_evolinux_config | bool
tags:
- apt
when: apt_evolinux_config | bool
- name: DPkg invoke hooks
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/apt/apt.conf.d/z-evolinux.conf
line: "{{ item }}"
create: yes
@ -28,14 +28,14 @@
- "DPkg::Pre-Invoke { \"df /usr | grep -q /usr && mount -oremount,rw /usr || true\"; };"
- "DPkg::Post-Invoke { \"df /tmp | grep -q /tmp && mount -oremount /tmp || true\"; };"
- "DPkg::Post-Invoke { \"df /usr | grep -q /usr && mount -oremount /usr || true\"; };"
when: apt_hooks | bool
tags:
- apt
when: apt_hooks | bool
- name: Remove Aptitude
apt:
ansible.builtin.apt:
name: aptitude
state: absent
when: apt_remove_aptitude | bool
tags:
- apt
when: apt_remove_aptitude | bool

View File

@ -0,0 +1,59 @@
---
- name: Look for legacy apt keyring
ansible.builtin.stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- apt
- name: Evolix embedded GPG key is absent
ansible.builtin.apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
tags:
- apt
when: _trusted_gpg_keyring.stat.exists
- name: "Ensure {{ apt_keyring_dir }} directory exists"
file:
path: "{{ apt_keyring_dir }}"
state: directory
mode: "755"
owner: root
group: root
- name: Set Evolix GPG key format to ASC
set_fact:
apt_evolix_public_key: "{{ apt_keyring_dir }}/pub_evolix.asc"
tags:
- apt
- name: Add Evolix GPG key
ansible.builtin.copy:
src: pub_evolix.asc
dest: "{{ apt_evolix_public_key }}"
force: true
mode: "0644"
owner: root
group: root
tags:
- apt
- name: Evolix public list is installed
ansible.builtin.template:
src: evolix_public.sources.j2
dest: /etc/apt/sources.list.d/evolix_public.sources
force: true
mode: "0640"
register: apt_evolix_public
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_evolix_public is changed

View File

@ -0,0 +1,69 @@
---
- name: Look for legacy apt keyring
ansible.builtin.stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- apt
- name: Evolix embedded GPG key is absent
ansible.builtin.apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
tags:
- apt
when: _trusted_gpg_keyring.stat.exists
- name: "Ensure {{ apt_keyring_dir }} directory exists"
file:
path: "{{ apt_keyring_dir }}"
state: directory
mode: "755"
owner: root
group: root
- name: Set Evolix GPG key format to GPG (Debian < 9)
set_fact:
apt_evolix_public_key: "pub_evolix.gpg"
when:
- ansible_distribution_major_version is version('9', '<')
tags:
- apt
- name: Set Evolix GPG key format to ASC (Debian >= 9)
set_fact:
apt_evolix_public_key: "pub_evolix.asc"
when:
- ansible_distribution_major_version is version('9', '>=')
tags:
- apt
- name: Add Evolix GPG key
ansible.builtin.copy:
src: "{{ apt_evolix_public_key }}"
dest: "{{ apt_keyring_dir }}/{{ apt_evolix_public_key }}"
force: true
mode: "0644"
owner: root
group: root
tags:
- apt
- name: Evolix public list is installed
ansible.builtin.template:
src: evolix_public.list.j2
dest: /etc/apt/sources.list.d/evolix_public.list
force: true
mode: "0640"
register: apt_evolix_public
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_evolix_public is changed

View File

@ -1,45 +1,13 @@
---
- name: Look for legacy apt keyring
stat:
path: /etc/apt/trusted.gpg
register: _trusted_gpg_keyring
tags:
- apt
# Backward compatibility task file
- name: Evolix embedded GPG key is absent
apt_key:
id: "B8612B5D"
keyring: /etc/apt/trusted.gpg
state: absent
when: _trusted_gpg_keyring.stat.exists
tags:
- apt
- name: Install Evolix Public repositories (Debian <12)
ansible.builtin.import_tasks: evolix_public.oneline.yml
when:
- ansible_distribution_major_version is version('12', '<')
- name: Add Evolix GPG key
copy:
src: reg.asc
dest: "{{ apt_keyring_dir }}/reg.asc"
force: yes
mode: "0644"
owner: root
group: root
tags:
- apt
- name: Evolix public list is installed
template:
src: evolix_public.list.j2
dest: /etc/apt/sources.list.d/evolix_public.list
force: yes
mode: "0640"
register: apt_evolix_public
tags:
- apt
- name: Apt update
apt:
update_cache: yes
when: apt_evolix_public is changed
tags:
- apt
- name: Install Evolix Public repositories (Debian >=12)
ansible.builtin.import_tasks: evolix_public.deb822.yml
when:
- ansible_distribution_major_version is version('12', '>=')

View File

@ -0,0 +1,37 @@
---
- name: "Ensure {{ apt_keyring_dir }} directory exists"
file:
path: "{{ apt_keyring_dir }}"
state: directory
mode: "755"
owner: root
group: root
- name: Add Evolix GPG key
ansible.builtin.copy:
src: "freexian-archive-extended-lts.gpg"
dest: "{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"
force: true
mode: "0644"
owner: root
group: root
tags:
- apt
- name: ELTS list is installed
ansible.builtin.template:
src: "{{ ansible_distribution_release }}_extended-lts.list.j2"
dest: /etc/apt/sources.list.d/extended-lts.list
force: true
mode: "0640"
register: apt_extended_lts
tags:
- apt
- name: Apt update
ansible.builtin.apt:
update_cache: yes
tags:
- apt
when: apt_extended_lts is changed

View File

@ -1,8 +1,11 @@
---
- ansible.builtin.include_role:
name: evolix/remount-usr
- name: "hold packages (apt)"
shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
args:
ansible.builtin.shell:
cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) || apt-mark hold {{ item }})"
executable: /bin/bash
check_mode: no
register: apt_mark
@ -15,7 +18,7 @@
- apt
- name: "/etc/evolinux is present"
file:
ansible.builtin.file:
dest: /etc/evolinux
mode: "0700"
state: directory
@ -23,7 +26,7 @@
- apt
- name: "hold packages (config)"
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/evolinux/apt_hold_packages.cf
line: "{{ item }}"
create: True
@ -33,8 +36,8 @@
- apt
- name: "unhold packages (apt)"
shell: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
args:
ansible.builtin.shell:
cmd: "set -o pipefail && (dpkg -l {{ item }} 2>/dev/null | grep -q -E '^(i|h)i') && ((apt-mark showhold | grep --quiet {{ item }}) && apt-mark unhold {{ item }})"
executable: /bin/bash
check_mode: no
register: apt_mark
@ -45,7 +48,7 @@
- apt
- name: "unhold packages (config)"
lineinfile:
ansible.builtin.lineinfile:
dest: /etc/evolinux/apt_hold_packages.cf
line: "{{ item }}"
create: True
@ -55,7 +58,7 @@
- apt
- name: /usr/share/scripts exists
file:
ansible.builtin.file:
dest: /usr/share/scripts
mode: "0700"
owner: root
@ -65,25 +68,26 @@
- apt
- name: Check scripts is installed
copy:
ansible.builtin.copy:
src: check_held_packages.sh
dest: /usr/share/scripts/check_held_packages.sh
force: yes
force: true
mode: "0755"
tags:
- apt
- name: Check if Cron is installed
shell: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
ansible.builtin.shell:
cmd: "dpkg --list 'cron' 2>/dev/null | grep -q -E '^(i|h)i'"
register: is_cron
changed_when: false
failed_when: false
changed_when: False
failed_when: False
check_mode: no
tags:
- apt
- name: Check for held packages (script)
cron:
ansible.builtin.cron:
cron_file: apt-hold-packages
name: check_held_packages
job: "/usr/share/scripts/check_held_packages.sh"
@ -94,6 +98,6 @@
day: "{{ apt_check_hold_cron_day }}"
month: "{{ apt_check_hold_cron_month }}"
state: "present"
when: is_cron.rc == 0
tags:
- apt
when: is_cron.rc == 0

View File

@ -1,53 +1,137 @@
---
- name: "Compatibility check"
fail:
msg: only compatible with Debian >= 8
when:
- ansible_distribution != "Debian" or ansible_distribution_major_version is version('8', '<')
ansible.builtin.assert:
that:
- ansible_distribution == "Debian"
- ansible_distribution_major_version is version('8', '>=')
msg: Only compatible with Debian >= 8
tags:
- apt
- name: "apt-transport-https is installed for https repositories (before Buster)"
ansible.builtin.apt:
name:
- apt-transport-https
tags:
- apt
when: ansible_distribution_major_version is version('10', '<')
- name: "certificates are installed for https repositories"
ansible.builtin.apt:
name:
- ca-certificates
tags:
- apt
- name: Custom configuration
include: config.yml
ansible.builtin.import_tasks: config.yml
when: apt_config | bool
tags:
- apt
- name: Install basics repositories
include: basics.yml
when: apt_install_basics | bool
- name: Install basics repositories (Debian <12)
ansible.builtin.import_tasks: basics.oneline.yml
tags:
- apt
when:
- apt_install_basics | bool
- ansible_distribution_major_version is version('12', '<')
- name: Install APT Backports repository
include: backports.yml
when: apt_install_backports | bool
- name: Install basics repositories (Debian >=12)
ansible.builtin.import_tasks: basics.deb822.yml
tags:
- apt
when:
- apt_install_basics | bool
- ansible_distribution_major_version is version('12', '>=')
- name: Install Evolix Public APT repository
include: evolix_public.yml
when: apt_install_evolix_public | bool
- name: Install backports repositories (Debian <12)
ansible.builtin.import_tasks: backports.oneline.yml
tags:
- apt
when:
- apt_install_backports | bool
- ansible_distribution_major_version is version('12', '<')
# With Debian 12+ and the deb822 format of source files
# backports are always installed but enabled according to `apt_install_backports`
- name: Install backports repositories (Debian >=12)
ansible.builtin.import_tasks: backports.deb822.yml
tags:
- apt
when:
- ansible_distribution_major_version is version('12', '>=')
- name: Install Evolix Public repositories (Debian <12)
ansible.builtin.import_tasks: evolix_public.oneline.yml
tags:
- apt
when:
- apt_install_evolix_public | bool
- ansible_distribution_major_version is version('12', '<')
- name: Install Evolix Public repositories (Debian >=12)
ansible.builtin.import_tasks: evolix_public.deb822.yml
tags:
- apt
when:
- apt_install_evolix_public | bool
- ansible_distribution_major_version is version('12', '>=')
- name: Install Extended-LTS repositories (Debian < 10)
ansible.builtin.import_tasks: extended-lts.oneline.yml
tags:
- apt
when:
- apt_install_extended_lts | bool
- ansible_distribution_major_version is version('10', '<')
- name: Clean GANDI sources
ansible.builtin.file:
path: '{{ item }}'
state: absent
loop:
- /etc/apt/sources.list.d/debian-security.list
- /etc/apt/sources.list.d/debian-jessie.list
- /etc/apt/sources.list.d/debian-stretch.list
- /etc/apt/sources.list.d/debian-buster.list
- /etc/apt/sources.list.d/debian-bullseye.list
- /etc/apt/sources.list.d/debian-update.list
tags:
- apt
when: apt_clean_gandi_sourceslist | bool
- name: "Disable NonFreeFirmware warning for VM on Debian 12+"
ansible.builtin.lineinfile:
path: /etc/apt/apt.conf.d/no-bookworm-firmware.conf
create: yes
line: "APT::Get::Update::SourceListWarnings::NonFreeFirmware \"false\";"
tags:
- apt
when:
- ansible_distribution_major_version is version('12', '>=')
- ansible_virtualization_role == "guest"
- name: Install check for packages marked hold
include: hold_packages.yml
ansible.builtin.import_tasks: hold_packages.yml
when: apt_install_hold_packages | bool
tags:
- apt
- name: Updating APT cache
apt:
ansible.builtin.apt:
update_cache: yes
changed_when: False
tags:
- apt
- name: Upgrading system
apt:
ansible.builtin.apt:
upgrade: dist
when: apt_upgrade | bool
tags:
- apt
- apt

View File

@ -0,0 +1,62 @@
---
- ansible.builtin.include_role:
name: evolix/remount-usr
- name: /usr/share/scripts exists
ansible.builtin.file:
dest: /usr/share/scripts
mode: "0700"
owner: root
group: root
state: directory
tags:
- apt
- name: Migration scripts are installed
ansible.builtin.copy:
src: "{{ item }}"
dest: "/usr/share/scripts/{{ item }}"
force: true
mode: "0755"
loop:
- deb822-migration.py
- deb822-migration.sh
tags:
- apt
- name: Exec migration script
ansible.builtin.command:
cmd: /usr/share/scripts/deb822-migration.sh
ignore_errors: yes
tags:
- apt
- name: Is system.sources present?
ansible.builtin.stat:
path: /etc/apt/sources.list.d/system.sources
register: _system_sources
- name: Add signed-by when relevant for bookworm
ansible.builtin.lineinfile:
dest: /etc/apt/sources.list.d/system.sources
line: "Signed-by: /usr/share/keyrings/debian-archive-keyring.gpg"
insertafter: "Suites: bookworm bookworm-updates"
state: present
tags:
- apt
when: _system_sources.stat.exists or not ansible_check_mode
- name: Is security.sources present?
ansible.builtin.stat:
path: /etc/apt/sources.list.d/security.sources
register: _security_sources
- name: Add signed-by when relevant for bookworm-security
ansible.builtin.lineinfile:
dest: /etc/apt/sources.list.d/security.sources
line: "Signed-by: /usr/share/keyrings/debian-archive-keyring.gpg"
insertafter: "Suites: bookworm-security"
state: present
tags:
- apt
when: _security_sources.stat.exists or not ansible_check_mode

View File

@ -0,0 +1,53 @@
---
- name: New APT keyrings directory is present
ansible.builtin.file:
path: /etc/apt/keyrings
state: directory
mode: "0755"
owner: root
group: root
- ansible.builtin.include_role:
name: evolix/remount-usr
- name: /usr/share/scripts exists
ansible.builtin.file:
dest: /usr/share/scripts
mode: "0700"
owner: root
group: root
state: directory
tags:
- apt
- name: migration script is present
ansible.builtin.copy:
src: move-apt-keyrings.sh
dest: /usr/share/scripts/move-apt-keyrings.sh
mode: "0755"
owner: root
group: root
- name: Move repository signing key
ansible.builtin.command:
cmd: "/usr/share/scripts/move-apt-keyrings.sh \"{{ item.repository_pattern }}\" \"{{ item.key }}\""
loop:
- { repository_pattern: "http://pub.evolix.net/", key: "reg.asc" }
- { repository_pattern: "http://pub.evolix.org/evolix", key: "pub_evolix.asc" }
- { repository_pattern: "https://pub.evolix.org/evolix", key: "pub_evolix.asc" }
- { repository_pattern: "https://artifacts.elastic.co/packages/[^/]+/apt", key: "elastics.asc" }
- { repository_pattern: "https://download.docker.com/linux/debian", key: "docker-debian.asc" }
- { repository_pattern: "https://downloads.linux.hpe.com/SDR/repo/mcp", key: "hpePublicKey2048_key1.asc" }
- { repository_pattern: "http://pkg.jenkins-ci.org/debian-stable", key: "jenkins.asc" }
- { repository_pattern: "https://packages.sury.org/php/", key: "sury.gpg" }
- { repository_pattern: "http://repo.mongodb.org/apt/debian", key: "mongodb-server-[0-9\\.]+.asc" }
- { repository_pattern: "http://apt.newrelic.com/debian/", key: "newrelic.asc" }
- { repository_pattern: "https://deb.nodesource.com/", key: "nodesource.asc" }
- { repository_pattern: "https://dl.yarnpkg.com/debian/", key: "yarn.asc" }
- { repository_pattern: "http://apt.postgresql.org/pub/repos/apt/", key: "postgresql.asc" }
register: _cmd
- name: Debug command
ansible.builtin.debug:
var: _cmd

View File

@ -0,0 +1,7 @@
# {{ ansible_managed }}
Types: deb
URIs: http://mirror.evolix.org/debian
Suites: bullseye-backports
Components: {{ apt_backports_components | mandatory }}
Enabled: {{ apt_install_backports | bool | ternary('yes', 'no') }}

View File

@ -1,5 +0,0 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian bookworm {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian/ bookworm-updates {{ apt_basics_components | mandatory }}
deb http://security.debian.org/debian-security bookworm-security {{ apt_basics_components | mandatory }}

View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://mirror.evolix.org/debian
Suites: bookworm bookworm-updates
Components: {{ apt_basics_components | mandatory }}
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-bookworm-automatic.gpg

View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: https://security.debian.org/debian-security
Suites: bookworm-security
Components: {{ apt_basics_components | mandatory }}
Enabled: yes
Signed-By: /usr/share/keyrings/debian-archive-bookworm-security-automatic.gpg

View File

@ -1,5 +1,5 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian bullseye {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian/ bullseye-updates {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian bullseye-updates {{ apt_basics_components | mandatory }}
deb http://security.debian.org/debian-security bullseye-security {{ apt_basics_components | mandatory }}

View File

@ -1,5 +1,5 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian buster {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian/ buster-updates {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian buster-updates {{ apt_basics_components | mandatory }}
deb http://security.debian.org/debian-security buster/updates {{ apt_basics_components | mandatory }}

View File

@ -1,7 +1,3 @@
# {{ ansible_managed }}
{% if ansible_distribution_release == "bookworm" %}
deb [signed-by={{ apt_keyring_dir }}/reg.asc] http://pub.evolix.net/ bullseye/
{% else %}
deb [signed-by={{ apt_keyring_dir }}/reg.asc] http://pub.evolix.net/ {{ ansible_distribution_release }}/
{% endif %}
deb [signed-by={{ apt_keyring_dir }}/{{ apt_evolix_public_key }}] http://pub.evolix.org/evolix {{ ansible_distribution_release }} main

View File

@ -0,0 +1,8 @@
# {{ ansible_managed }}
Types: deb
URIs: http://pub.evolix.org/evolix
Suites: {{ ansible_distribution_release }}
Components: main
Signed-by: {{ apt_keyring_dir }}/pub_evolix.asc
Enabled: yes

View File

@ -1,4 +1,5 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian/ jessie {{ apt_basics_components | mandatory }}
deb http://security.debian.org/ jessie/updates {{ apt_basics_components | mandatory }}
### Those repositories are unusable. Move to ELTS (manually).
# deb http://archive.debian.org/debian jessie {{ apt_basics_components | mandatory }}
# deb http://archive.debian.org/debian-security jessie/updates {{ apt_basics_components | mandatory }}

View File

@ -0,0 +1,4 @@
# {{ ansible_managed }}
deb [signed-by="{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"] http://elts.evolix.org/extended-lts jessie main
deb [signed-by="{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"] http://elts.evolix.org/extended-lts jessie-lts main

View File

@ -1,3 +1,3 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian stretch-backports {{ apt_backports_components | mandatory }}
deb http://archive.debian.org/debian stretch-backports {{ apt_backports_components | mandatory }}

View File

@ -1,5 +1,4 @@
# {{ ansible_managed }}
deb http://mirror.evolix.org/debian stretch {{ apt_basics_components | mandatory }}
deb http://mirror.evolix.org/debian/ stretch-updates {{ apt_basics_components | mandatory }}
deb http://security.debian.org/debian-security stretch/updates {{ apt_basics_components | mandatory }}
deb http://archive.debian.org/debian stretch {{ apt_basics_components | mandatory }}
deb http://archive.debian.org/debian-security stretch/updates {{ apt_basics_components | mandatory }}

View File

@ -0,0 +1,4 @@
# {{ ansible_managed }}
deb [signed-by="{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"] http://elts.evolix.org/extended-lts stretch main
deb [signed-by="{{ apt_keyring_dir }}/freexian-archive-extended-lts.gpg"] http://elts.evolix.org/extended-lts stretch-lts main

View File

@ -0,0 +1,17 @@
---
general_scripts_dir: "/usr/share/scripts"
autosysadmin_agent_bin_dir: "/usr/local/bin/autosysadmin"
autosysadmin_agent_lib_dir: "/usr/local/lib/autosysadmin"
autosysadmin_agent_auto_dir: "{{ general_scripts_dir }}/autosysadmin/restart"
autosysadmin_agent_crontab_enabled: true
autosysadmin_agent_log_retention_days: 365
autosysadmin_config: []
### All repair are disabled if set to 'off'
### even if a specific repair value is 'on'
# repair_all: 'on'
### Default values for checks
# repair_foo: 'off'

View File

@ -0,0 +1,13 @@
/var/log/autosysadmin.log {
daily
missingok
rotate 365
compress
nodelaycompress
notifempty
dateext
dateformat .%Y-%m-%d
dateyesterday
copytruncate
create 0640 root adm
}

View File

@ -0,0 +1,3 @@
$template autosysadmin, "/var/log/autosysadmin.log"
if $programname contains 'autosysadmin' then ?autosysadmin
& stop

View File

@ -0,0 +1,25 @@
#!/bin/bash
days=${1:-365}
log_dir="/var/log/autosysadmin/"
if [ -d "${log_dir}" ]; then
find_run_dirs() {
find "${log_dir}" \
-mindepth 1 \
-maxdepth 1 \
-type d \
-ctime "+${days}" \
-print0
}
log() {
/usr/bin/logger -p local0.notice -t autosysadmin "${1}"
}
while IFS= read -r -d '' run_dir; do
rm --recursive --force "${run_dir}"
log "Delete ${run_dir} (older than ${days} days)"
done < <(find_run_dirs)
fi
exit 0

View File

@ -0,0 +1,907 @@
#!/bin/bash
VERSION="24.03"
# Common functions for "repair" and "restart" scripts
set -u
# Initializes the program, context, configuration…
initialize() {
PATH="${PATH}":/usr/sbin:/sbin
# Used in many places to refer to the program name.
# Examples: repair_mysql, restart_nrpe…
PROGNAME=$(basename "${0}")
# find out if running in interactive mode, or not
if [ -t 0 ]; then
INTERACTIVE=1
else
INTERACTIVE=0
fi
readonly INTERACTIVE
# Default empty value for Debug mode
DEBUG="${DEBUG:-""}"
# Repair scripts obey to the value of a variable named after the script
# You can set the value ("on" or "off") in /etc/evolinux/autosysadmin
# Here we set the default value to "on".
declare -g "${PROGNAME}"=on # dynamic variable assignment ($PROGNAME == repair_*)
PID=$$
readonly PID
# Each execution (run) gets a unique ID
RUN_ID="$(date +"%Y-%m-%d_%H-%M")_${PROGNAME}_${PID}"
readonly RUN_ID
# Main log directory
MAIN_LOG_DIR="/var/log/autosysadmin"
readonly MAIN_LOG_DIR
# shellcheck disable=SC2174
mkdir --mode=750 --parents "${MAIN_LOG_DIR}"
chgrp adm "${MAIN_LOG_DIR}"
# Each execution store some information
# in a unique directory based on the RUN_ID
RUN_LOG_DIR="${MAIN_LOG_DIR}/${RUN_ID}"
readonly RUN_LOG_DIR
# shellcheck disable=SC2174
mkdir --mode=750 --parents "${RUN_LOG_DIR}"
chgrp adm "${RUN_LOG_DIR}"
# This log file contains all events
RUN_LOG_FILE="${RUN_LOG_DIR}/autosysadmin.log"
readonly RUN_LOG_FILE
# This log file contains notable actions
ACTIONS_FILE="${RUN_LOG_DIR}/actions.log"
readonly ACTIONS_FILE
touch "${ACTIONS_FILE}"
# This log file contains abort reasons (if any)
ABORT_FILE="${RUN_LOG_DIR}/abort.log"
readonly ABORT_FILE
# touch "${ABORT_FILE}"
# Date format for log messages
DATE_FORMAT="%Y-%m-%d %H:%M:%S"
# This will contain lock, last-run markers…
# It's ok to lose the content after a reboot
RUN_DIR="/run/autosysadmin"
readonly RUN_DIR
mkdir -p "${RUN_DIR}"
# Only a singe instace of each script can run simultaneously
# We use a customizable lock name for this.
# By default it's the script's name
LOCK_NAME=${LOCK_NAME:-${PROGNAME}}
# If a lock is found, we can wait for it to disappear.
# The value must be understood by sleep(1)
LOCK_WAIT="0"
# Default values for email headers
EMAIL_FROM="equipe+autosysadmin@evolix.fr"
EMAIL_INTERNAL="autosysadmin@evolix.fr"
LOCK_FILE="${RUN_DIR}/${LOCK_NAME}.lock"
readonly LOCK_FILE
# Remove lock file at exit
cleanup() {
# shellcheck disable=SC2317
rm -f "${LOCK_FILE}"
}
trap 'cleanup' 0
# Load configuration
# shellcheck disable=SC1091
test -f /etc/evolinux/autosysadmin && source /etc/evolinux/autosysadmin
log_all "Begin ${PROGNAME} RUN_ID: ${RUN_ID}"
log_all "Log directory is ${RUN_LOG_DIR}"
}
# Executes a list of tasks before exiting:
# * prepare a summary of actions and possible abort reasons
# * send emails
# * do some cleanup
quit() {
log_all "End ${PROGNAME} RUN_ID: ${RUN_ID}"
summary="RUN_ID: ${RUN_ID}"
if [ -s "${ABORT_FILE}" ]; then
# Add abort reasons to summary
summary="${summary}\n$(print_abort_reasons)"
hook_mail "abort"
return_code=1
else
if [ -s "${ACTIONS_FILE}" ]; then
# Add notable actions to summary
summary="${summary}\n$(print_actions "Aucune action")"
hook_mail "success"
fi
return_code=0
fi
hook_mail "internal"
if is_interactive; then
# shellcheck disable=SC2001
echo "${summary}" | sed -e 's/\\n/\n/g'
else
/usr/share/scripts/evomaintenance.sh --auto --user autosysadmin --message "${summary}" --no-commit --no-mail
fi
teardown
# shellcheck disable=SC2086
exit ${return_code}
}
teardown() {
:
}
# Return true/false
is_interactive() {
test "${INTERACTIVE}" -eq "1"
}
save_server_state() {
DUMP_SERVER_STATE_BIN="$(command -v dump-server-state || command -v backup-server-state)"
if [ -z "${DUMP_SERVER_STATE_BIN}" ]; then
log_all "Warning: dump-server-state is not present. No server state recorded."
fi
if [ -x "${DUMP_SERVER_STATE_BIN}" ]; then
DUMP_DIR=$(file_path_in_log_dir "server-state")
# We don't want the logging to take too much time,
# so we kill it if it takes more than 20 seconds.
timeout --signal 9 20 \
"${DUMP_SERVER_STATE_BIN}" \
--dump-dir="${DUMP_DIR}" \
--df \
--dmesg \
--iptables \
--lxc \
--netcfg \
--netstat \
--uname \
--processes \
--systemctl \
--uptime \
--virsh \
--disks \
--mysql-processes \
--no-apt-states \
--no-apt-config \
--no-dpkg-full \
--no-dpkg-status \
--no-mount \
--no-packages \
--no-sysctl \
--no-etc
log_run "Server state saved in \`server-state' directory."
fi
}
is_debug() {
# first time: do the check…
# other times: pass
if [ -z "${DEBUG:-""}" ]; then
debug_file="/etc/evolinux/autosysadmin.debug"
if [ -e "${debug_file}" ]; then
last_change=$(stat -c %Z "${debug_file}")
limit_date=$(date --date "14400 seconds ago" +"%s")
if [ $(( last_change - limit_date )) -le "0" ]; then
log_run "Debug mode disabled; file is too old (%{last_change} seconds)."
rm "${debug_file}"
# Debug mode disabled
DEBUG="0"
else
log_run "Debug mode enabled."
# Debug mode enabled
DEBUG="1"
fi
else
# log_run "Debug mode disabled; file is absent."
# Debug mode disabled
DEBUG="0"
fi
fi
# return the value
test "${DEBUG}" -eq "1"
}
# Uses the who(1) definition of "active"
currently_active_users() {
LC_ALL=C who --users | grep --extended-regexp "\s+\.\s+" | awk '{print $1}' | sort --human-numeric-sort | uniq
}
# Users active in the last 29 minutes
recently_active_users() {
LC_ALL=C who --users | grep --extended-regexp "\s+00:(0|1|2)[0-9]\s+" | awk --field-separator ' ' '{print $1,$6}'
}
# Save the list of users to a file in the log directory
save_active_users() {
LC_ALL=C who --users | save_in_log_dir "who-users"
}
# An autosysadmin must not perform actions if a user is active or was active recently.
#
# This can by bypassed in interactive mode.
# It's OK to lose this data after a reboot.
ensure_no_active_users_or_exit() {
# Save all active users
save_active_users
if is_debug; then
log_run "Debug mode enabled: continue without checking active users."
return 0;
fi
# Is there any currently active user?
currently_active_users=$(currently_active_users)
if [ -n "${currently_active_users}" ]; then
# shellcheck disable=SC2001
users_oneliner=$(echo "${currently_active_users}" | sed -e 's/\n/ /')
log_run "Currently active users: ${users_oneliner}"
if is_interactive; then
echo "Some users are currently active:"
# shellcheck disable=SC2001
echo "${currently_active_users}" | sed -e 's/\(.\+\)/* \1/'
answer=""
while :; do
printf "> Continue? [Y,n,?] "
read -r answer
case ${answer} in
[Yy]|"" )
log_run "Active users check bypassed manually in interactive mode."
return
;;
[Nn] )
log_run "Active users check confirmed manually in interactive mode."
log_abort_and_quit "Active users detected: ${users_oneliner}"
;;
* )
printf "y - yes, continue\n"
printf "n - no, exit\n"
printf "? - print this help\n"
;;
esac
done
else
log_abort_and_quit "Currently active users detected: ${users_oneliner}."
fi
else
# or recently (the last 30 minutes) active user?
recently_active_users=$(recently_active_users)
if [ -n "${recently_active_users}" ]; then
# shellcheck disable=SC2001
users_oneliner=$(echo "${recently_active_users}" | sed -e 's/\n/ /')
log_run "Recently active users: ${users_oneliner}"
if is_interactive; then
echo "Some users were recently active:"
# shellcheck disable=SC2001
echo "${recently_active_users}" | sed -e 's/\(.\+\)/* \1/'
answer=""
while :; do
printf "> Continue? [Y,n,?] "
read -r answer
case ${answer} in
[Yy]|"" )
log_run "Active users check bypassed manually in interactive mode."
return
;;
[Nn] )
log_run "Active users check confirmed manually in interactive mode."
log_abort_and_quit "Recently active users detected: ${users_oneliner}."
;;
* )
printf "y - yes, continue\n"
printf "n - no, exit\n"
printf "? - print this help\n"
;;
esac
done
else
log_abort_and_quit "Recently active users detected: ${users_oneliner}."
fi
fi
fi
}
# Takes an NRPE command name as 1st parameter,
# and executes the full command if found in the configuration.
# Return the result and the return code of the command.
check_nrpe() {
check="$1"
nrpe_files=""
# Check if NRPE config is found
if [ -f "/etc/nagios/nrpe.cfg" ]; then
nrpe_files="${nrpe_files} /etc/nagios/nrpe.cfg"
else
msg="NRPE configuration not found: /etc/nagios/nrpe.cfg"
log_run "${msg}"
echo "${msg}"
return 3
fi
# Search for included files
# shellcheck disable=SC2086
while IFS= read -r include_file; do
nrpe_files="${nrpe_files} ${include_file}"
done < <(grep --extended-regexp '^\s*include=.+' ${nrpe_files} | cut -d = -f 2)
# Search for files in included directories
# shellcheck disable=SC2086
while IFS= read -r include_dir; do
nrpe_files="${nrpe_files} ${include_dir}/*.cfg"
done < <(grep --extended-regexp '^\s*include_dir=.+' ${nrpe_files} | cut -d = -f 2)
# Fetch uncommented commands in (sorted) config files
# shellcheck disable=SC2086
nrpe_commands=$(grep --no-filename --exclude=*~ --fixed-strings "[${check}]" ${nrpe_files} | grep --invert-match --extended-regexp '^\s*#\s*command' | cut -d = -f 2)
nrpe_commands_count=$(echo "${nrpe_commands}" | wc -l)
if is_debian_version "9" "<=" && [ "${nrpe_commands_count}" -gt "1" ]; then
# On Debian <= 9, NRPE loading was not sorted
# we need to raise an error if we have multiple defined commands
msg="Unable to determine which NRPE command to run"
log_run "${msg}"
echo "${msg}"
return 3
else
# On Debian > 9, use the last command
nrpe_command=$(echo "${nrpe_commands}" | tail -n 1)
nrpe_result=$(${nrpe_command})
nrpe_rc=$?
log_run "NRPE command (exited with ${nrpe_rc}): ${nrpe_command}"
log_run "${nrpe_result}"
echo "${nrpe_result}"
return "${nrpe_rc}"
fi
}
# An autosysadmin script must not run twice (or more) simultaneously.
# We use a customizable (with LOCK_NAME) lock file to keep track of this.
# A wait time can be configured.
#
# This can by bypassed in interactive mode.
# It's OK to lose this data after a reboot.
acquire_lock_or_exit() {
lock_file="${1:-${LOCK_FILE}}"
lock_wait="${2:-${LOCK_WAIT}}"
# lock_wait must be compatible with sleep(1), otherwise fallback to 0
if ! echo "${lock_wait}" | grep -Eq '^[0-9]+[smhd]?$'; then
log_run "Lock wait: incorrect value '${lock_wait}', fallback to 0."
lock_wait=0
fi
if [ "${lock_wait}" != "0" ] && [ -f "${lock_file}" ]; then
log_run "Lock file present. Let's wait ${lock_wait} and check again."
sleep "${lock_wait}"
fi
if [ -f "${lock_file}" ]; then
log_abort_and_quit "Lock file still present."
else
log_run "Lock file absent. Let's put one."
touch "${lock_file}"
fi
}
# If a script has been run in the ast 30 minutes, running it again won't fix the issue.
# We use a /run/ausosysadmin/${PROGNAME}_lastrun file to keep track of this.
#
# This can by bypassed in interactive mode.
# This is bypassed in debug mode.
# It's OK to lose this data after a reboot.
ensure_not_too_soon_or_exit() {
if is_debug; then
log_run "Debug mode enabled: continue without checking when was the last run."
return 0;
fi
lastrun_file="${RUN_DIR}/${PROGNAME}_lastrun"
if [ -f "${lastrun_file}" ]; then
lastrun_age="$(($(date +%s)-$(stat -c "%Y" "${lastrun_file}")))"
log_run "Last run was ${lastrun_age} seconds ago."
if [ "${lastrun_age}" -lt 1800 ]; then
if is_interactive; then
echo "${PROGNAME} was run ${lastrun_age} seconds ago."
answer=""
while :; do
printf "> Continue? [Y,n,?] "
read -r answer
case ${answer} in
[Yy]|"" )
log_run "Last run check bypassed manually in interactive mode."
break
;;
[Nn] )
log_run "Last run check confirmed manually in interactive mode."
log_abort_and_quit 'Last run too recent.'
;;
* )
printf "y - yes, continue\n"
printf "n - no, exit\n"
printf "? - print this help\n"
;;
esac
done
else
log_abort_and_quit "Last run too recent."
fi
fi
fi
touch "${lastrun_file}"
}
# Populate DEBIAN_VERSION and DEBIAN_RELEASE variables
# based on gathered information about the operating system
detect_os() {
DEBIAN_RELEASE="unknown"
DEBIAN_VERSION="unknown"
LSB_RELEASE_BIN="$(command -v lsb_release)"
if [ -e /etc/debian_version ]; then
DEBIAN_VERSION="$(cut -d "." -f 1 < /etc/debian_version)"
if [ -x "${LSB_RELEASE_BIN}" ]; then
DEBIAN_RELEASE="$("${LSB_RELEASE_BIN}" --codename --short)"
else
case "${DEBIAN_VERSION}" in
7) DEBIAN_RELEASE="wheezy" ;;
8) DEBIAN_RELEASE="jessie" ;;
9) DEBIAN_RELEASE="stretch" ;;
10) DEBIAN_RELEASE="buster" ;;
11) DEBIAN_RELEASE="bullseye" ;;
12) DEBIAN_RELEASE="bookworm" ;;
13) DEBIAN_RELEASE="trixie" ;;
esac
fi
# log_run "Detected OS: Debian version=${DEBIAN_VERSION} release=${DEBIAN_RELEASE}"
# else
# log_run "Detected OS: unknown (missing /etc/debian_version)"
fi
}
is_debian_wheezy() {
test "${DEBIAN_RELEASE}" = "wheezy"
}
is_debian_jessie() {
test "${DEBIAN_RELEASE}" = "jessie"
}
is_debian_stretch() {
test "${DEBIAN_RELEASE}" = "stretch"
}
is_debian_buster() {
test "${DEBIAN_RELEASE}" = "buster"
}
is_debian_bullseye() {
test "${DEBIAN_RELEASE}" = "bullseye"
}
is_debian_bookworm() {
test "${DEBIAN_RELEASE}" = "bookworm"
}
is_debian_trixie() {
test "${DEBIAN_RELEASE}" = "trixie"
}
is_debian_version() {
local version=$1
local relation=${2:-"eq"}
if [ -z "${DEBIAN_VERSION:-""}" ]; then
detect_os
fi
dpkg --compare-versions "${DEBIAN_VERSION}" "${relation}" "${version}"
}
# List systemd services (only names), even if stopped
systemd_list_services() {
pattern=$1
systemctl list-units --all --no-legend --type=service "${pattern}" | grep --only-matching --extended-regexp '\S+\.service'
}
is_systemd_enabled() {
systemctl --quiet is-enabled "$1" 2> /dev/null
}
is_systemd_active() {
systemctl --quiet is-active "$1" 2> /dev/null
}
is_sysvinit_enabled() {
find /etc/rc2.d/ -name "$1" > /dev/null
}
get_fqdn() {
# shellcheck disable=SC2155
local system=$(uname -s)
if [ "${system}" = "Linux" ]; then
hostname --fqdn
elif [ "${system}" = "OpenBSD" ]; then
hostname
else
log_abort_and_quit "System '${system}' not recognized."
fi
}
get_complete_hostname() {
REAL_HOSTNAME="$(get_fqdn)"
if [ "${HOSTNAME}" = "${REAL_HOSTNAME}" ]; then
echo "${HOSTNAME}"
else
echo "${HOSTNAME} (${REAL_HOSTNAME})"
fi
}
# Fetch values from evomaintenance configuration
get_evomaintenance_mail() {
grep "EVOMAINTMAIL=" /etc/evomaintenance.cf | cut -d '=' -f2
}
get_evomaintenance_emergency_mail() {
grep "URGENCYFROM=" /etc/evomaintenance.cf | cut -d '=' -f2
}
get_evomaintenance_emergency_tel() {
grep "URGENCYTEL=" /etc/evomaintenance.cf | cut -d '=' -f2
}
# Log a message to the log file in the log directory
log_run() {
local msg="${1:-$(cat /dev/stdin)}"
# shellcheck disable=SC2155
local date=$(/bin/date +"${DATE_FORMAT}")
printf "[%s] %s[%s]: %s\\n" \
"${date}" "${PROGNAME}" "${PID}" "${msg}" \
>> "${RUN_LOG_FILE}"
}
# Log a message in the system log file (syslog or journald)
log_global() {
local msg="${1:-$(cat /dev/stdin)}"
echo "${msg}" \
| /usr/bin/logger -p local0.notice -t autosysadmin
}
# Log a message in both places
log_all() {
local msg="${1:-$(cat /dev/stdin)}"
log_global "${msg}"
log_run "${msg}"
}
# Log a notable action in regular places
# and append it to the dedicated list
log_action() {
log_all "$*"
append_action "$*"
}
# Append a line in the actions.log file in the log directory
append_action() {
echo "$*" >> "${ACTIONS_FILE}"
}
# Print the content of the actions.log file
# or a fallback content (1st parameter) if empty
# shellcheck disable=SC2120
print_actions() {
local fallback=${1:-""}
if [ -s "${ACTIONS_FILE}" ]; then
cat "${ACTIONS_FILE}"
elif [ -n "${fallback}" ]; then
echo "${fallback}"
fi
}
# Log a an abort reason in regular places
# and append it to the dedicated list
log_abort() {
log_all "$*"
append_abort_reason "$*"
}
# Append a line in the abort.log file in the log directory
append_abort_reason() {
echo "$*" >> "${ABORT_FILE}"
}
# Print the content of the abort.log file
# or a fallback content (1st parameter) if empty
# shellcheck disable=SC2120
print_abort_reasons() {
local fallback=${1:-""}
if [ -s "${ABORT_FILE}" ]; then
cat "${ABORT_FILE}"
elif [ -n "${fallback}" ]; then
echo "${fallback}"
fi
}
# Print the content of the main log from the log directory
print_main_log() {
cat "${RUN_LOG_FILE}"
}
# Log an abort reason and quit the script
log_abort_and_quit() {
log_abort "$*"
quit
}
# Store the content from standard inpu
# into a file in the log directory named after the 1st parameter
save_in_log_dir() {
local file_name=$1
local file_path="${RUN_LOG_DIR}/${file_name}"
cat /dev/stdin > "${file_path}"
log_run "Saved \`${file_name}' file."
}
# Return the full path of the file in log directory
# based on the name in the 1st parameter
file_path_in_log_dir() {
echo "${RUN_LOG_DIR}/${1}"
}
format_mail_success() {
cat <<EOTEMPLATE
From: AutoSysadmin Evolix <${EMAIL_FROM}>
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Script: ${PROGNAME}
X-RunId: ${RUN_ID}
To: ${EMAIL_CLIENT:-alert5@evolix.fr}
Cc: ${EMAIL_INTERNAL}
Subject: [autosysadmin] Intervention automatisée sur ${HOSTNAME_TEXT}
Bonjour,
Une intervention automatisée vient de se terminer.
Nom du serveur : ${HOSTNAME_TEXT}
Heure d'intervention : $(LC_ALL=fr_FR.utf8 date)
Script déclenché : ${PROGNAME}
### Actions réalisées
$(print_actions "Aucune")
### Réagir à cette intervention
Vous pouvez répondre à ce message (${EMAIL_FROM}).
En cas d'urgence, utilisez l'adresse ${EMERGENCY_MAIL}
ou notre ligne d'astreinte (${EMERGENCY_TEL})
--
Votre AutoSysadmin
EOTEMPLATE
}
format_mail_abort() {
cat <<EOTEMPLATE
From: AutoSysadmin Evolix <${EMAIL_FROM}>
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Script: ${PROGNAME}
X-RunId: ${RUN_ID}
To: ${EMAIL_CLIENT:-alert5@evolix.fr}
Cc: ${EMAIL_INTERNAL}
Subject: [autosysadmin] Intervention automatisée interrompue sur ${HOSTNAME_TEXT}
Bonjour,
Une intervention automatisée a été déclenchée mais s'est interrompue.
Nom du serveur : ${HOSTNAME_TEXT}
Heure d'intervention : $(LC_ALL=fr_FR.utf8 date)
Script déclenché : ${PROGNAME}
### Actions réalisées
$(print_actions "Aucune")
### Raison(s) de l'interruption
$(print_abort_reasons "Inconnue")
### Réagir à cette intervention
Vous pouvez répondre à ce message (${EMAIL_FROM}).
En cas d'urgence, utilisez l'adresse ${EMERGENCY_MAIL}
ou notre ligne d'astreinte (${EMERGENCY_TEL})
--
Votre AutoSysadmin
EOTEMPLATE
}
# shellcheck disable=SC2028
print_report_information() {
echo "**Uptime**"
echo ""
uptime
echo ""
echo "**Utilisateurs récents**"
echo ""
who_file=$(file_path_in_log_dir "who-users")
if [ -s "${who_file}" ]; then
cat "${who_file}"
else
who --users
fi
echo ""
echo "**Espace disque**"
echo ""
df_file=$(file_path_in_log_dir "server-state/df.txt")
if [ -s "${df_file}" ]; then
cat "${df_file}"
else
df -h
fi
echo ""
echo "**Dmesg**"
echo ""
dmesg_file=$(file_path_in_log_dir "server-state/dmesg.txt")
if [ -s "${dmesg_file}" ]; then
tail -n 5 "${dmesg_file}"
else
dmesg | tail -n 5
fi
echo ""
echo "**systemd failed services**"
echo ""
failed_services_file=$(file_path_in_log_dir "server-state/systemctl-failed-services.txt")
if [ -s "${failed_services_file}" ]; then
cat "${failed_services_file}"
else
systemctl --no-legend --state=failed --type=service
fi
if command -v lxc-ls > /dev/null 2>&1; then
echo ""
echo "**LXC containers**"
echo ""
lxc_ls_file=$(file_path_in_log_dir "server-state/lxc-list.txt")
if [ -s "${lxc_ls_file}" ]; then
cat "${lxc_ls_file}"
else
lxc-ls --fancy
fi
fi
apache_errors_file=$(file_path_in_log_dir "apache-errors.log")
if [ -f "${apache_errors_file}" ]; then
echo ""
echo "**Apache errors**"
echo ""
cat "${apache_errors_file}"
fi
nginx_errors_file=$(file_path_in_log_dir "nginx-errors.log")
if [ -f "${nginx_errors_file}" ]; then
echo ""
echo "**Nginx errors**"
echo ""
cat "${nginx_errors_file}"
fi
}
format_mail_internal() {
cat <<EOTEMPLATE
From: AutoSysadmin Evolix <${EMAIL_FROM}>
Content-Type: text/plain; charset=UTF-8
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Script: ${PROGNAME}
X-RunId: ${RUN_ID}
To: ${EMAIL_INTERNAL}
Subject: [autosysadmin] Rapport interne d'intervention sur ${HOSTNAME_TEXT}
Bonjour,
Une intervention automatique vient de se terminer.
Nom du serveur : ${HOSTNAME_TEXT}
Heure d'intervention : $(LC_ALL=fr_FR.utf8 date)
Script déclenché : ${PROGNAME}
### Actions réalisées
$(print_actions "Aucune")
### Raison(s) de l'interruption
$(print_abort_reasons "Aucune")
### Log autosysadmin
$(print_main_log)
### Informations additionnelles
$(print_report_information)
--
Votre AutoSysadmin
EOTEMPLATE
}
# Generic function to send emails at the end of the script.
# Takes a template as 1st parameter
hook_mail() {
if is_debug; then
log_run "Debug mode enabled: continue without sending mail."
return 0;
fi
HOSTNAME="${HOSTNAME:-"$(get_fqdn)"}"
HOSTNAME_TEXT="$(get_complete_hostname)"
EMAIL_CLIENT="$(get_evomaintenance_mail)"
EMERGENCY_MAIL="$(get_evomaintenance_emergency_mail)"
EMERGENCY_TEL="$(get_evomaintenance_emergency_tel)"
MAIL_CONTENT="$(format_mail_"$1")"
SENDMAIL_BIN="$(command -v sendmail)"
if [ -z "${SENDMAIL_BIN}" ]; then
log_global "ERROR: No \`sendmail' command has been found, can't send mail."
fi
if [ -x "${SENDMAIL_BIN}" ]; then
echo "${MAIL_CONTENT}" | "${SENDMAIL_BIN}" -oi -t -f "equipe@evolix.fr"
log_global "Sent '$1' mail for RUN_ID: ${RUN_ID}"
fi
}
is_holiday() {
# gcal mark today as a holiday by surrounding with < and > the day
# of the month of that holiday line. For example if today is 2022-05-01 we'll
# get among other lines:
# Fête du Travail (FR) + Di, < 1>Mai 2022
# Jour de la Victoire (FR) + Di, : 8:Mai 2022 = +7 jours
LANGUAGE=fr_FR.UTF-8 TZ=Europe/Paris gcal --cc-holidays=fr --holiday-list=short | grep -E '<[0-9 ]{2}>' --quiet
}
is_weekend() {
day_of_week=$(date +%u)
if [ "${day_of_week}" != 6 ] && [ "${day_of_week}" != 7 ]; then
return 1
fi
}
is_workday() {
if is_holiday || is_weekend; then
return 1
fi
}
is_worktime() {
if ! is_workday; then
return 1
fi
hour=$(date +%H)
if [ "${hour}" -lt 9 ] || { [ "${hour}" -ge 12 ] && [ "${hour}" -lt 14 ] ; } || [ "${hour}" -ge 18 ]; then
return 1
fi
}

View File

@ -0,0 +1,112 @@
#!/bin/bash
# Specific functions for "repair" scripts
is_all_repair_disabled() {
# Fetch values from the config
# and if it is not defined or has no value, then assign "on"
local status=${repair_all:=on}
test "${status}" = "off" || test "${status}" = "0"
}
is_current_repair_disabled() {
# Fetch values from the config
# and if it is not defined or has no value, then assign "on"
local status=${!PROGNAME:=on}
test "${status}" = "off" || test "${status}" = "0"
}
ensure_not_disabled_or_exit() {
if is_all_repair_disabled; then
log_global 'All repair scripts are disabled.'
exit 0
fi
if is_current_repair_disabled; then
log_global "Current repair script (${PROGNAME}) is disabled."
exit 0
fi
}
# Set of actions to do at the begining of a "repair" script
pre_repair() {
initialize
# Are we supposed to run?
ensure_not_disabled_or_exit
# Has it recently been run?
ensure_not_too_soon_or_exit
# Can we acquire a lock?
acquire_lock_or_exit
# Is there any active user?
ensure_no_active_users_or_exit
# Save important information
save_server_state
}
# Set of actions to do at the end of a "repair" script
post_repair() {
quit
}
repair_lxc_php() {
container_name=$1
if is_systemd_enabled 'lxc.service'; then
lxc_path=$(lxc-config lxc.lxcpath)
if lxc-info --name "${container_name}" > /dev/null; then
rootfs="${lxc_path}/${container_name}/rootfs"
case "${container_name}" in
php56) fpm_log_file="${rootfs}/var/log/php5-fpm.log" ;;
php70) fpm_log_file="${rootfs}/var/log/php7.0-fpm.log" ;;
php73) fpm_log_file="${rootfs}/var/log/php7.3-fpm.log" ;;
php74) fpm_log_file="${rootfs}/var/log/php7.4-fpm.log" ;;
php80) fpm_log_file="${rootfs}/var/log/php8.0-fpm.log" ;;
php81) fpm_log_file="${rootfs}/var/log/php8.1-fpm.log" ;;
php82) fpm_log_file="${rootfs}/var/log/php8.2-fpm.log" ;;
php83) fpm_log_file="${rootfs}/var/log/php8.3-fpm.log" ;;
*)
log_abort_and_quit "Unknown container '${container_name}'"
;;
esac
# Determine FPM Pool path
php_path_pool=$(find "${lxc_path}/${container_name}/" -type d -name "pool.d")
# Save LXC info (before restart)
lxc-info --name "${container_name}" | save_in_log_dir "lxc-${container_name}.before.status"
# Save last lines of FPM log (before restart)
tail "${fpm_log_file}" | save_in_log_dir "$(basename "${fpm_log_file}" | sed -e 's/.log/.before.log/')"
# Save NRPE check (before restart)
/usr/local/lib/nagios/plugins/check_phpfpm_multi "${php_path_pool}" | save_in_log_dir "check_fpm_${container_name}.before.out"
lxc-stop --timeout 20 --name "${container_name}"
lxc-start --daemon --name "${container_name}"
rc=$?
if [ "${rc}" -eq "0" ]; then
log_all "Restart LXC container '${container_name}: OK"
else
log_all "Restart LXC container '${container_name}: failed"
fi
# Save LXC info (after restart)
lxc-info --name "${container_name}" | save_in_log_dir "lxc-${container_name}.after.status"
# Save last lines of FPM log (after restart)
tail "${fpm_log_file}" | save_in_log_dir "$(basename "${fpm_log_file}" | sed -e 's/.log/.after.log/')"
# Save NRPE check (after restart)
/usr/local/lib/nagios/plugins/check_phpfpm_multi "${php_path_pool}" | save_in_log_dir "check_fpm_${container_name}.after.out"
else
log_abort_and_quit "LXC container '${container_name}' doesn't exist."
fi
else
log_abort_and_quit 'LXC not found.'
fi
}

View File

@ -0,0 +1,76 @@
#!/bin/bash
# Specific functions for "restart" scripts
running_custom() {
# Placeholder that returns 1, to prevent running if not redefined
log_global "running_custom() function has not been redefined! Let's quit."
return 1
}
# Examine RUNNING variable and decide if the script should run or not
is_supposed_to_run() {
if is_debug; then return 0; fi
case ${RUNNING} in
never)
# log_global "is_supposed_to_run: no (never)"
return 1
;;
always)
# log_global "is_supposed_to_run: yes (always)"
return 0
;;
nwh-fr)
! is_worktime
rc=$?
# if [ ${rc} -eq 0 ]; then
# log_global "is_supposed_to_run: yes (nwh-fr returned ${rc})"
# else
# log_global "is_supposed_to_run: no (nwh-fr returned ${rc})"
# fi
return ${rc}
;;
nwh-ca)
# Not implemented yet
return 0
;;
custom)
running_custom
rc=$?
# if [ ${rc} -eq 0 ]; then
# log_global "is_supposed_to_run: yes (custom returned ${rc})"
# else
# log_global "is_supposed_to_run: no (custom returned ${rc})"
# fi
return ${rc}
;;
esac
}
ensure_supposed_to_run_or_exit() {
if ! is_supposed_to_run; then
# simply quit (no logging, no notifications…)
# log_global "${PROGNAME} is not supposed to run (RUNNING=${RUNNING})."
exit 0
fi
}
# Set of actions to do at the begining of a "restart" script
pre_restart() {
initialize
# Has it recently been run?
ensure_not_too_soon_or_exit
# Can we acquire a lock?
acquire_lock_or_exit
# Save important information
save_server_state
}
# Set of actions to do at the end of a "restart" script
post_restart() {
quit
}

View File

@ -0,0 +1,157 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
# We always keep some reserved blocks to avoid missing some logs
# https://gitea.evolix.org/evolix/autosysadmin/issues/22
RESERVED_BLOCKS_MIN=1
get_mountpoints() {
# the $(...) get the check_disk1 command
# the cut command selects the critical part of the check_disk1 output
# the grep command extracts the mountpoints and available disk space
# the last cut command selects the mountpoints
check_disk1_command=$(grep check_disk1 /etc/nagios/nrpe.d/evolix.cfg | cut -d'=' -f2-)
${check_disk1_command} -e | cut -d'|' -f1 | grep --extended-regexp --only-matching '/[[:graph:]]* [0-9]+ [A-Z][A-Z]' | cut -d' ' -f1
}
is_reserved_blocks_nominal() {
partition=${1}
fs_type="$(findmnt -n --output=fstype "${partition}")"
if [ "${fs_type}" = "ext4" ]; then
device="$(findmnt -n --output=source "${partition}")"
reserved_block_count="$(tune2fs -l "${device}" | grep 'Reserved block count' | awk -F':' '{ gsub (" ", "", $0); print $2}')"
block_count="$(tune2fs -l "${device}" | grep 'Block count' | awk -F':' '{ gsub (" ", "", $0); print $2}')"
percentage=$(awk "BEGIN { pc=100*${reserved_block_count}/${block_count}; i=int(pc); print (pc-i<0.5)?i:i+1 }")
log_run "Reserved blocks for ${partition} is currently at ${percentage}%"
if [ "${percentage}" -gt "${RESERVED_BLOCKS_MIN}" ]; then
log_run "Allowing tune2fs action to reduce the number of reserved blocks"
return 0
else
log_run "Reserved blocks already at or bellow ${RESERVED_BLOCKS_MIN}%, no automatic action possible"
return 1
fi
else
log_run "Filesystem for ${partition} (${fs_type}) is incompatible with reserved block reduction."
return 1
fi
}
reduce_reserved_blocks() {
partition=${1}
device=$(findmnt -n --output=source "${partition}")
tune2fs -m "${RESERVED_BLOCKS_MIN}" "${device}"
log_action "Reserved blocks for ${partition} changed to ${RESERVED_BLOCKS_MIN} percent"
}
is_tmp_to_delete() {
size="$(find /var/log/ -type f -ctime +1 -exec du {} \+ | awk '{s+=$1}END{print s / 1024}')"
if [ -n "${size}" ]; then
return 0
else
return 1
fi
}
is_log_to_delete() {
size="$(find /var/log/ -type f -mtime +365 -exec du {} \+ | awk '{s+=$1}END{print s / 1024}')"
if [ -n "${size}" ]; then
return 0
else
return 1
fi
}
clean_apt_cache() {
for container in $(lxc-ls -1); do
if [ -e "$(lxc-config lxc.lxcpath)/${container}/rootfs/var/cache" ]; then
lxc-attach --name "${container}" -- apt-get clean
log_action "Clean apt cache in LXC container ${container}";
fi
done
# NOTE: "head -n 1" might be superfluous, but let's be sure to have only the first returned value
biggest_subdir=$(du --summarize --one-file-system "/var/*" | sort --numeric-sort --reverse | sed 's/^[0-9]\+[[:space:]]\+//;q' | head -n 1)
case "${biggest_subdir}" in
'/var/cache')
apt-get clean
log_action 'Clean apt cache'
;;
esac
}
clean_amavis_virusmails() {
if du --inodes /var/lib/* | sort --numeric-sort | tail -n 3 | grep --quiet 'virusmails$'; then
find /var/lib/amavis/virusmails/ -type f -atime +30 -delete
log_action 'Clean amavis infected mails'
fi
}
critical_mountpoints=$(get_mountpoints)
if [ -z "${critical_mountpoints}" ]; then
log_abort_and_quit "No partition is in critical state, nothing left to do."
else
for mountpoint in ${critical_mountpoints}; do
case "${mountpoint}" in
/var)
#if is_log_to_delete
#then
# find /var/log/ -type f -mtime +365 -delete
# log_action "$size Mo of disk space freed in /var"
#fi
if is_reserved_blocks_nominal /var; then
reduce_reserved_blocks /var
clean_apt_cache
clean_amavis_virusmails
fi
;;
/tmp)
#if is_tmp_to_delete
#then
# find /tmp/ -type f -ctime +1 -delete
# log_action "$size Mo of disk space freed in /tmp"
#fi
if is_reserved_blocks_nominal /tmp; then
reduce_reserved_blocks /tmp
fi
;;
/home)
if is_reserved_blocks_nominal /home; then
reduce_reserved_blocks /home
fi
;;
/srv)
if is_reserved_blocks_nominal /srv; then
reduce_reserved_blocks /srv
fi
;;
/filer)
if is_reserved_blocks_nominal /filer; then
reduce_reserved_blocks /filer
fi
;;
/)
if is_reserved_blocks_nominal /; then
reduce_reserved_blocks /
# Suggest remove old kernel ?
fi
;;
*)
# unknown
log_run 'Unknown partition (or weird case) or nothing to do'
;;
esac
done
fi
post_repair

View File

@ -0,0 +1,35 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
service="elasticsearch.service"
service_name="elasticsearch"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_abort_and_quit "${service} is active, nothing left to do."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_abort_and_quit "${service} is disabled (or missing), nothing left to do."
fi
post_repair

View File

@ -0,0 +1,131 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
## Apache
service="apache2.service"
service_name="apache2"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_all "${service} is active. Skip."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# check syntax
if apache2ctl -t > /dev/null 2>&1; then
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
# Save error logs
date=$(LANG=en_US.UTF-8 date '+%b %d')
grep "${date}" /home/*/log/error.log /var/log/apache2/*error.log \
| grep -v \
-e "Got error 'PHP message:" \
-e "No matching DirectoryIndex" \
-e "client denied by server configuration" \
-e "server certificate does NOT include an ID which matches the server name" \
| save_in_log_dir "apache-errors.log"
else
log_action "Restart ${service_name}: skip (invalid configuration)"
fi
fi
else
log_all "${service} is disabled (or missing). Skip."
fi
## Nginx
service="nginx.service"
service_name="nginx"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_all "${service} is active. Skip."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# check syntax
if nginx -t > /dev/null 2>&1; then
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
# Save error logs
### Consider doing for Nginx the same as Apache
else
log_action "Restart ${service_name}: skip (invalid configuration)"
fi
fi
else
log_all "${service} is disabled (or missing). Skip."
fi
## LXC
if is_systemd_enabled 'lxc.service'; then
for container in $(lxc-ls -1 | grep --fixed-strings 'php' | grep --extended-regexp --invert-match --regexp '\bold\b' --regexp '\bdisabled\b'); do
repair_lxc_php "${container}"
done
else
log_all "LXC is disabled (or missing). Skip."
fi
## FPM
fpm_services=$(systemd_list_services 'php*-fpm*')
if [ -n "${fpm_services}" ]; then
for service in ${fpm_services}; do
service_name="${service//.service/}"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_all "${service} is active. Skip."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_all "${service} is disabled (or missing). Skip."
fi
done
else
log_all "PHP FPM not found. Skip."
fi
post_repair

View File

@ -0,0 +1,69 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
if is_debian_version "8" "<="; then
if is_sysvinit_enabled '*mysql*'; then
if ! pgrep -u mysql mysqld > /dev/null; then
# Save service status before restart
timeout 2 mysqladmin status 2>&1 | save_in_log_dir "mysql.before.status"
timeout 20 /etc/init.d/mysql restart > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart mysql: OK"
else
log_action "Restart mysql: failed"
fi
# Save service status after restart
timeout 2 mysqladmin status 2>&1 | save_in_log_dir "mysql.after.status"
else
log_abort_and_quit "mysqld process alive. Aborting"
fi
else
log_abort_and_quit "MySQL not enabled. Aborting"
fi
else
if is_debian_version "12" ">="; then
service="mariadb.service"
service_name="mariadb"
else
service="mysql.service"
service_name="mysql"
fi
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_abort_and_quit "${service} is active, nothing left to do."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_abort_and_quit "${service} is disabled (or missing), nothing left to do."
fi
fi
post_repair

View File

@ -0,0 +1,35 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
service="opendkim.service"
service_name="opendkim"
if is_systemd_enabled "${service}"; then
if is_systemd_active "${service}"; then
log_abort_and_quit "${service} is active, nothing left to do."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_abort_and_quit "${service} is disabled (or missing). Abort."
fi
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php56
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php70
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php73
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php74
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php80
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php81
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php82
post_repair

View File

@ -0,0 +1,14 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
LOCK_WAIT="15s"
LOCK_NAME="repair_http"
pre_repair
repair_lxc_php php83
post_repair

View File

@ -0,0 +1,32 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
for service in $(systemd_list_services 'redis-server*'); do
service_name="${service//.service/}"
if is_systemd_active "${service}"; then
log_all "${service} is active. Skip."
else
# Save service status before restart
systemctl status "${service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK."
else
log_action "Restart ${service_name}: failed."
fi
# Save service status after restart
systemctl status "${service}" | save_in_log_dir "${service_name}.after.status"
fi
done
post_repair

View File

@ -0,0 +1,34 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
pre_repair
repair_tomcat_instance_handle_tomcat() {
if /bin/su - "${1}" -c "/bin/systemctl --quiet --user is-active tomcat.service" ; then
if ! /bin/su - "${1}" -c "/usr/bin/timeout 20 /bin/systemctl --quiet --user restart tomcat.service"
then
log_abort_and_quit "Echec de redémarrage instance tomcat utilisateur ${1}"
else
log_action "Redémarrage instance tomcat utilisateur ${1}"
fi
elif /bin/systemctl --quiet is-active "${1}".service ; then
if ! /usr/bin/timeout 20 systemctl --quiet restart "${1}".service
then
log_abort_and_quit "Echec de redémarrage instance tomcat ${1}"
else
log_action "Redémarrage instance tomcat ${1}"
fi
fi
}
for instance in $( /usr/local/lib/nagios/plugins/check_tomcat_instance.sh |grep CRITICAL |awk '{print $3}' |sed '1d') ;
do
repair_tomcat_instance_handle_tomcat "${instance}"
done
post_repair

View File

@ -0,0 +1,41 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/repair.sh" || exit 1
## Custom lock wait and/or lock name
# LOCK_WAIT="15s"
# LOCK_NAME="repair_http"
pre_repair
## The name of the service, mainly for logging
service_name="example"
## The systemd service name
systemd_service="${service_name}.service"
if is_systemd_enabled "${systemd_service}"; then
if is_systemd_active "${systemd_service}"; then
log_abort_and_quit "${systemd_service} is active, nothing left to do."
else
# Save service status before restart
systemctl status "${systemd_service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 systemctl restart "${systemd_service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${systemd_service}" | save_in_log_dir "${service_name}.after.status"
fi
else
log_abort_and_quit "${service_name} is disabled (or missing), nothing left to do."
fi
post_repair

View File

@ -0,0 +1,19 @@
Autosysadmin "restart auto" scripts
===================================
In this directory you can place scripts that will be executed automatically by a cron job (stored in `/etc/cron.d/autosysadmin`).
They must satisfy the default `run-parts(8)` constraints :
* be "executable"
* belong to the Debian cron script namespace (`^[a-zA-Z0-9_-]+$`), example: `restart_amavis`
Warning: scripts that do not satisfy those criteria will NOT be run (silently)!
You can print the names of the scripts which would be run, without actually running them, with this command :
```
$ run-parts --test /usr/share/scripts/autosysadmin/restart
```
You can use `zzz-restart_example.template` as boilerplate code to make your own "restart" script.

View File

@ -0,0 +1,120 @@
#!/bin/bash
: "${AUTOSYSADMIN_LIB:=/usr/local/lib/autosysadmin}"
source "${AUTOSYSADMIN_LIB}/common.sh" || exit 1
source "${AUTOSYSADMIN_LIB}/restart.sh" || exit 1
# shellcheck disable=SC2034
RUNNING="nwh-fr"
## Possible values for RUNNING :
## never => disabled
## always => enabled
## nwh-fr => enabled during non-working-hours in France
## nwh-ca => enabled during non-working-hours in Canada (not supported yet)
## custom => enabled if `running_custom()` function returns 0, otherwise disabled.
## Uncomment and customize this method if you want to have a special logic :
##
## return 1 if we should not run
## return 0 if we should run
##
## Some available functions :
## is_weekend() : Saturday or Sunday
## is_holiday() : holiday in France (based on `gcal(1)`)
## is_workday() : not weekend and not holiday
## is_worktime() : work day between 9-12h and 14-18h
#
# running_custom() {
# # implement your own custom method to decide if we should run or not
# }
## The name of the service, mainly for logging
service_name="example"
## The SysVinit script name
sysvinit_script="${service_name}"
## The systemd service name
systemd_service="${service_name}.service"
is_service_alive() {
## this must return 0 if the service is alive, otherwise return 1
## Example:
pgrep -u USER PROCESS_NAME > /dev/null
}
## Action for SysVinit system
sysvinit_action() {
# Save service status before restart
timeout 2 "/etc/init.d/${sysvinit_script}" status | save_in_log_dir "${service_name}.before.status"
# Try to restart
timeout 20 "/etc/init.d/${sysvinit_script}" restart > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
timeout 2 "/etc/init.d/${sysvinit_script}" status | save_in_log_dir "${service_name}.after.status"
}
## Action for systemd system
systemd_action() {
# Save service status before restart
systemctl status "${systemd_service}" | save_in_log_dir "${service_name}.before.status"
# Try to restart
# systemctl (only for NRPE ?) sometimes returns 0 even if the service has failed to start
# so we check the status explicitly
timeout 20 systemctl restart "${systemd_service}" > /dev/null \
&& sleep 1 \
&& systemctl status "${systemd_service}" > /dev/null
rc=$?
if [ "${rc}" -eq "0" ]; then
log_action "Restart ${service_name}: OK"
else
log_action "Restart ${service_name}: failed"
fi
# Save service status after restart
systemctl status "${systemd_service}" | save_in_log_dir "${service_name}.after.status"
}
# Should we run?
if ! is_supposed_to_run; then
# log_global "${PROGNAME} is not supposed to run (RUNNING=${RUNNING})."
exit 0
fi
if is_service_alive; then
# log_global "${service_name} process alive. Aborting"
exit 0
fi
# Yes we do, so check for sysvinit or systemd
if is_debian_version "8" "<="; then
if ! is_sysvinit_enabled "*${sysvinit_script}*"; then
# log_global "${service_name} not enabled. Aborting"
exit 0
fi
# Let's finally do the action
pre_restart
sysvinit_action
post_restart
else
if ! is_systemd_enabled "${systemd_service}"; then
# log_global "${service_name} is disabled (or missing), nothing left to do."
exit 0
fi
if is_systemd_active "${systemd_service}"; then
# log_global "${service_name} is active, nothing left to do."
exit 0
fi
# Let's finally do the action
pre_restart
systemd_action
post_restart
fi

View File

@ -0,0 +1,16 @@
---
- name: restart nagios-nrpe-server
service:
name: nagios-nrpe-server
state: restarted
- name: restart nrpe
service:
name: nrpe
state: restarted
- name: restart rsyslog
service:
name: rsyslog
state: restarted

View File

@ -0,0 +1,25 @@
---
- name: "Add begin marker if missing"
ansible.builtin.lineinfile:
path: "/etc/cron.d/autosysadmin"
line: "# BEGIN ANSIBLE MANAGED SECTION FOR AUTOSYSADMIN"
insertbefore: BOF
create: yes
- name: "Add end marker if missing"
ansible.builtin.lineinfile:
path: "/etc/cron.d/autosysadmin"
line: "# END ANSIBLE MANAGED SECTION FOR AUTOSYSADMIN"
insertbefore: "EOF"
create: yes
- name: "Create config if missing"
ansible.builtin.blockinfile:
path: "/etc/cron.d/autosysadmin"
marker: "# {mark} ANSIBLE MANAGED SECTION FOR AUTOSYSADMIN"
block: "{{ lookup('ansible.builtin.template', '../templates/autosysadmin.cron.j2') }}"
owner: root
group: root
mode: "0750"
create: yes

View File

@ -0,0 +1,4 @@
---
- name: Install gcal
ansible.builtin.apt:
name: gcal

View File

@ -0,0 +1,114 @@
---
- name: "Remount /usr if needed"
ansible.builtin.include_role:
name: remount-usr
- name: Previous autosysadmin restart directory is renamed
command:
cmd: mv "/usr/share/scripts/autosysadmin/auto" "{{ autosysadmin_agent_auto_dir }}"
removes: "/usr/share/scripts/autosysadmin/auto"
creates: "{{ autosysadmin_agent_auto_dir }}"
- name: Create autosysadmin directories
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "root"
group: "root"
mode: "0750"
loop:
- "{{ autosysadmin_agent_bin_dir }}"
- "{{ autosysadmin_agent_lib_dir }}"
- "{{ autosysadmin_agent_auto_dir }}"
- name: Copy libraries
ansible.builtin.copy:
src: "upstream/lib/"
dest: "{{ autosysadmin_agent_lib_dir }}/"
owner: root
group: root
mode: "0750"
- name: Copy repair scripts
ansible.builtin.copy:
src: "upstream/repair/"
dest: "{{ autosysadmin_agent_bin_dir }}/"
owner: root
group: root
mode: "0750"
- name: Copy other utilities
ansible.builtin.copy:
src: "upstream/bin/"
dest: "{{ autosysadmin_agent_bin_dir }}/"
owner: root
group: root
mode: "0750"
### WARNING: thos files are explicitly marked as non-executable
### to prevent them from being run automatically by run-parts
- name: Copy restart scripts
ansible.builtin.copy:
src: "upstream/restart/"
dest: "{{ autosysadmin_agent_auto_dir }}/"
owner: root
group: root
mode: "0640"
- name: Ensure /etc/evolinux folder exists
ansible.builtin.file:
path: "/etc/evolinux"
state: directory
owner: "root"
group: "root"
mode: "0700"
- name: Copy the configuration file if missing
ansible.builtin.template:
src: "autosysadmin.cf.j2"
dest: "/etc/evolinux/autosysadmin"
owner: root
group: root
mode: "0640"
force: no
# Repair scripts are supposed to be 'on' by default
# A line "repair_XXX=off" is added to the file only if the script is to be disabled.
# That's why all the ternary logic for the state is reversed.
- name: Update value per variable
ansible.builtin.lineinfile:
dest: "/etc/evolinux/autosysadmin"
line: "{{ item }}={{ autosysadmin_config[item] | default(true) | bool | ternary('on', 'off') }}"
regexp: '^(#\s*)?{{ item }}=.*'
state: "{{ autosysadmin_config[item] | default(true) | bool | ternary('absent', 'present') }}"
register: _line
loop: "{{ autosysadmin_repair_scripts | union(['repair_all']) }}"
- name: Ensure restart folder exists
ansible.builtin.file:
path: "auto"
state: directory
owner: "root"
group: "root"
mode: "0700"
- name: Legacy scripts are removed
ansible.builtin.file:
path: "{{ general_scripts_dir }}/autosysadmin/{{ item }}"
state: absent
loop:
- repair_amavis.sh
- repair_disk.sh
- repair_elasticsearch.sh
- repair_http.sh
- repair_mysql.sh
- repair_opendkim.sh
- repair_php_fpm56.sh
- repair_php_fpm70.sh
- repair_php_fpm73.sh
- repair_php_fpm74.sh
- repair_php_fpm80.sh
- repair_php_fpm81.sh
- repair_redis.sh
- repair_tomcat_instance.sh

View File

@ -0,0 +1,8 @@
---
- name: Copy logrotate configuration for autosysadmin
ansible.builtin.copy:
src: "files/autosysadmin.logrotate.conf"
dest: "/etc/logrotate.d/autosysadmin"
owner: root
group: root
mode: "0644"

View File

@ -0,0 +1,31 @@
---
- name: The list of all repair scripts is composed.
set_fact:
autosysadmin_repair_scripts: "{{ lookup('ansible.builtin.fileglob', '../../../autosysadmin/agent/repair/repair_*', wantlist=True) | map('basename') | sort }}"
- name: Install dependencies
ansible.builtin.include_tasks: dependencies.yml
- name: Install autosysadmin
ansible.builtin.include_tasks: install.yml
- name: Crontab configuration
ansible.builtin.include_tasks: crontab.yml
- name: NRPE configuration
ansible.builtin.include_tasks: nrpe.yml
- name: sudo configuration
ansible.builtin.include_tasks: sudo.yml
- name: rsyslog configuration
ansible.builtin.include_tasks: rsyslog.yml
- name: logrotate configuration
ansible.builtin.include_tasks: logrotate.yml
- name: Install latest version of dump-server-state
ansible.builtin.include_role:
name: evolinux-base
tasks_from: dump-server-state.yml

View File

@ -0,0 +1,9 @@
---
- name: custom configuration is present
ansible.builtin.template:
src: autosysadmin.nrpe.cfg.j2
dest: /etc/nagios/nrpe.d/autosysadmin.cfg
group: nagios
mode: "0640"
force: yes
notify: restart nagios-nrpe-server

View File

@ -0,0 +1,9 @@
---
- name: Copy rsyslog configuration for autosysadmin
ansible.builtin.copy:
src: "files/autosysadmin.rsyslog.conf"
dest: "/etc/rsyslog.d/autosysadmin.conf"
owner: root
group: root
mode: "0644"
notify: restart rsyslog

View File

@ -0,0 +1,7 @@
---
- name: Add autosysadmin sudoers file
ansible.builtin.template:
src: autosysadmin.sudoers.j2
dest: /etc/sudoers.d/autosysadmin
mode: "0600"
validate: "visudo -cf %s"

View File

@ -0,0 +1,12 @@
# This configuration is partially managed by Ansible
# You can change specific values manually, but they may be overridden by Ansible
#
# To be safe, update the hosts_vars/group_vars in the autosysadmin project
# https://gitea.evolix.org/evolix/autosysadmin/src/branch/master
# then use the "agent" playbook to deploy.
#
# Configuration for autosysadmin
# Use this file to change configuration values defined in repair scripts
# To disable all repair scripts : repair_all=off
# To disable "repair_http" : repair_http=off
#

View File

@ -0,0 +1,7 @@
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Run each enabled script
*/5 * * * * root run-parts /usr/share/scripts/autosysadmin/restart
# Clean run log files
@weekly root {{ autosysadmin_agent_bin_dir | mandatory }}/delete_old_logs.sh {{ autosysadmin_agent_log_retention_days | default('365') }}

View File

@ -0,0 +1,8 @@
#
# Ansible managed - DO NOT MODIFY, your changes will be overwritten !
#
# Autosysadmin repair commands
{% for script in lookup('ansible.builtin.fileglob', '../../../autosysadmin/agent/repair/repair_*', wantlist=True) | map("basename") | sort %}
command[{{ script }}]=sudo {{ autosysadmin_agent_bin_dir }}/{{ script }}
{% endfor %}

View File

@ -0,0 +1,7 @@
#
# Ansible managed - DO NOT MODIFY, your changes will be overwritten !
#
{% for script in lookup('ansible.builtin.fileglob', '../../../autosysadmin/agent/repair/repair_*', wantlist=True) | map("basename") | sort %}
nagios ALL = NOPASSWD: {{ autosysadmin_agent_bin_dir }}/{{ script }}
{% endfor %}

Some files were not shown because too many files have changed in this diff Show More