Release 22.12 #165

Merged

jlecour merged 76 commits from unstable into stable 2022-12-14 12:02:46 +01:00

Conversation 0 Commits 76 Files changed 121 +5581 -696

jlecour commented 2022-12-14 11:40:21 +01:00

Owner

Copy link

Added

• all: add signed-by option for additional APT sources
• all: preliminary work to support Debian 12
• all: use proper keyrings directory for APT version
• evolinux-base: replace regular kernel by cloud kernel on virtual servers
• lxc-php: set php-fpm umask to 007
• nagios-nrpe: check_ceph_*
• nagios-nrpe: check_haproxy_stats supports DRAIN status
• packweb-apache: enable log_forensic module
• rabbitmq: add link in default page
• varnish: create special tmp directory for syntax validation

Changed

• certbot: auto-detect HAPEE version in renewal hook
• evocheck: install script according to Debian version
• evolinux-base: utils.yml can be excluded
• evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)
• evolinux-user: add sudoers privilege for check php_fpm81
• evomaintenance: allow missing API endpoint if APi is disabled
• java: use default JRE package when version is not specified
• keepalived: change exit code (warning if running but not on expected state ; critical if not running)
• listupgrade: better detection for PostgreSQL
• listupgrade: sort/uniq of packages/services lists in email template
• lxc-solr: detect the real partition options
• lxc-solr: download URL according to Solr Version
• lxc-solr: set homedir and port at install
• minifirewall: whitelist deb.freexian.com
• openvpn: shellpki upstream release 22.12.2
• openvpn: specifies that the mail for expirations is for OpenVPN
• packweb-apache: manual dependencies resolution
• redis: some values should be quoted
• redis: variable to disable transparent hugepage (default: do nothing)
• squid: whitelist deb.freexian.com
• varnish: better package facts usage with check mode and tags
• varnish: systemd override depends on Varnish version instead of Debian version

Fixed

• evolinux-user: Fix sudoers privilege for check php_fpm80
• nagios-nrpe: Fix check opendkim for recent change in listening port
• openvpn: Fix mode of shellpki script
• proftpd: Fix format of public key files controlled by Ansible
• proftpd: Fix mode of public key directory and files (they have to be accessible by proftpd:nobody)
• varnish: fix missing state, that blocked the task

Removed

• openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream

### Added * all: add signed-by option for additional APT sources * all: preliminary work to support Debian 12 * all: use proper keyrings directory for APT version * evolinux-base: replace regular kernel by cloud kernel on virtual servers * lxc-php: set php-fpm umask to `007` * nagios-nrpe: `check_ceph_*` * nagios-nrpe: `check_haproxy_stats` supports DRAIN status * packweb-apache: enable `log_forensic` module * rabbitmq: add link in default page * varnish: create special tmp directory for syntax validation ### Changed * certbot: auto-detect HAPEE version in renewal hook * evocheck: install script according to Debian version * evolinux-base: `utils.yml` can be excluded * evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions) * evolinux-user: add sudoers privilege for check `php_fpm81` * evomaintenance: allow missing API endpoint if APi is disabled * java: use default JRE package when version is not specified * keepalived: change exit code (_warning_ if running but not on expected state ; _critical_ if not running) * listupgrade: better detection for PostgreSQL * listupgrade: sort/uniq of packages/services lists in email template * lxc-solr: detect the real partition options * lxc-solr: download URL according to Solr Version * lxc-solr: set homedir and port at install * minifirewall: whitelist deb.freexian.com * openvpn: shellpki upstream release 22.12.2 * openvpn: specifies that the mail for expirations is for OpenVPN * packweb-apache: manual dependencies resolution * redis: some values should be quoted * redis: variable to disable transparent hugepage (default: do nothing) * squid: whitelist `deb.freexian.com` * varnish: better package facts usage with check mode and tags * varnish: systemd override depends on Varnish version instead of Debian version ### Fixed * evolinux-user: Fix sudoers privilege for check `php_fpm80` * nagios-nrpe: Fix check opendkim for recent change in listening port * openvpn: Fix mode of shellpki script * proftpd: Fix format of public key files controlled by Ansible * proftpd: Fix mode of public key directory and files (they have to be accessible by `proftpd:nobody`) * varnish: fix missing state, that blocked the task ### Removed * openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream

jlecour added 74 commits 2022-12-14 11:40:22 +01:00

26f9d171a4 lxc-solr: detect the real partition options

46deb04005 lxc-solr: choose java package and download URL according to Solr Version

d52ab34f4f * lxc-solr : add comments

6aeaab078d lxc-solr: set homedir and port at install

792d1170ab java: use default JRE when version is not specified

c6fb24f7d8 lxc-solr: use default JRE package

8e1b682ccc squid: whitelist deb.freexian.com

15d7756881 minifirewall: whitelist deb.freexian.com

8114f7c89b mongodb: Allow to install version 5.0 on Bullseye

4f9d6868e0

evolinux-user: sudoers privileges for check php\fpm80 and 81

2d16aeb41e evolinux-base: utils.yml can be excluded

05e782c6f8 evolinux-base: remove deprecated tasks files

6be2ff3b48 evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for others roles used on different distributions)

f71075d4ef evolinux-base: replace regular kernel by cloud kernel on virtual servers

ed4fdce58c clean duplicate

fc52fbf4bc redis: some values should be quoted ...

When Redis overwrites its own config, it uses quoted string values, so it's better to do the same to avoid changes.

554c086b79 redis: variable to disable transparent hugepage (default: do nothing)

857b3e0e45 nagios-nrpe: check_haproxy_stats supports DRAIN status

2692ac5661 Ajoute l'umask 0007 au service php-fpm

18fb89234c lxc-php: restart container instead of reload after php-fpm unit's umask change.

912cec5a78 lxc-php: update changelog.

b1138c07ee lxc-php: Fix register instruction in wrong order and indentation

4d259d3c04 varnish: systemd override depends on Varnish ...

Use Varnish version instead of Debian version to choose systemd override template, to make it forward compatible

c9ccda2277 varnish: create special tmp directory for syntax validation

7f3f7b3e04 varnish: fix tags and variables

f531460f49 Use proper keyrings directory for APT version ...

Debian 9 → 11 : /etc/apt/trusted.gpg.d
Debian 12 : /etc/apt/keyrings

28540247f0 Add signed-by option for additional APT sources

573a6e1d97 logstash: fix elastic signature

a1bf300d54 bookworm-detect: transitional role to help dealing with unreleased bookworm version

4c9aaf6d86 Merge branch 'unstable' into debian12-keyring

b36d4c4766 various fixes for Debian 12

1fae737ac4 Use bullseye suite even for bookworm

4050dbea7a packweb-apache: enable log_forensic module

faeb92230b packweb-apache: manual dependencies resolution

9d120ee958 php: add restart handler for php8.1-fpm

83138f0a0b

nagios-nrpe: Correct port for check_opendkim

b797a5059a nagios-nrpe: add ceph checks

396afa0a75 nagios-nrpe: add ceph checks to changelog

d289c76970 varnish: fix package facts

ecd9d1543f varnish: better package facts usage with check mode and tags

171ece7bba MongoDB: Dimiss apt-key use (#58271) and allow to choose mongodb_version on Jessie

057224fb38 Skip task in check_mode

665177556e evomaintenance: allow missing API endpoint if APi is disabled

54dca82838 varnish: fix missing state, that blocked the task

4156142c85 docker: no need to specify the architecture ...

We use only adm64 servers (for now)

08db230c29 Merge branch 'debian12' into unstable

c96f28e47b evocheck: install script according to Debian version

cd2c1931b1 keepalived: change exit code (warning if runnin but not on expected state ; critical if not running)

cca072425b openvpn: shellpki upstream release 22.12

a1bad43b25 Drop unsigned repository when adding a signed one

fafff25c20 Add “when: not ansible_check_mode” to allow more --check

5e63340aa9 openvpn: shellpki upstream release 22.12.1

6cc3e03864 openvpn: specifies that the mail for expirations is for OpenVPN

22f30b59f2 certbot: auto-detect HAPEE version in renewal hook

982112bd64 rabbitmq: add link in default page

3c2369a3a2 listupgrade: better detection for PostgreSQL

ce361c6819 listupgrade: sort/uniq of packages/services lists in email template

e415800508 Run if there are enough place

101c282846

proftpd: Fix format of public key files controlled by ansible ...

The comments used by ansible's blockinfile module break the format
expected by proftpd for public ssh keys, making them unusable.

Replace with a template, we will just have to accept that we need to use
ansible for all changes to these file.

bc1facd1ba

proftpd: Fix mode of public key files and directory

4e7a46c9c3 Run VACUUM where there are enough space and always delete old IPs

ce5e4b12c6 Apache: Drop duplicate when keys

b02400fd84 php: (partial) fix duplicate when

d4f58b9395 Drop duplicate when keys introduced in fafff25c20

0722b84341 openvpn: shellpki upstream release 22.12.2

9918776286 openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream

91b40ce72f openvpn: Fix mode of shellpki script

1728eaee68 Revert "Add “when: not ansible_check_mode” to allow more --check" ...

This reverts commit fafff25c20.
This reverts commit e64471c5a8084f95a8e6f955d3fa918c55b8e846.

34fefa1212 typos

1acd2f63db on enlève bc

fa9d5b8b81 git pushMerge branch 'unstable' of gitea.evolix.org:evolix/ansible-roles into unstable

ac85efe8aa vrrpd: Small fix to work in check mode

21ab9b1e68 Revert ce5e4b12c6

240ccee12b Release 22.12

jlecour added 1 commit 2022-12-14 11:47:59 +01:00

0622e9ff1e fix non-breaking spaces

jlecour added 1 commit 2022-12-14 12:02:19 +01:00

27a4f574f1 Merge branch 'stable' into unstable

jlecour referenced this pull request from a commit 2022-12-14 12:02:45 +01:00

Merge pull request 'Release 22.12' (#165) from unstable into stable

jlecour merged commit e1e4f39778 into stable 2022-12-14 12:02:46 +01:00

Sign in to join this conversation.

Reviewers

No reviewers

Labels

Clear labels   

bug

Something is not working

  

duplicate

This issue or pull request already exists

  

enhancement

New feature

  

help wanted

Need some help

  

invalid

Something is wrong

  

question

More information is needed

  

security

Concern a security issue

  

wontfix

This won't be fixed

No labels

bug

duplicate

enhancement

help wanted

invalid

question

security

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: evolix/ansible-roles#165

No description provided.