Release 10.2.0 #114

Manually merged
jlecour merged 103 commits from unstable into stable 2020-09-17 14:14:16 +02:00

103 commits

Author SHA1 Message Date
Jérémy Lecour 8b48552e36 Release 10.2.0
Some checks failed
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
2020-09-17 14:06:46 +02:00
Jérémy Lecour 3e67d92fd3 certbot: an empty change shouldn't raise an exception
All checks were successful
continuous-integration/drone/push Build is passing
2020-09-16 12:07:27 +02:00
Jérémy Lecour 48174ad618 evoacme: remount /usr if necessary
All checks were successful
continuous-integration/drone/push Build is passing
2020-09-14 11:31:47 +02:00
Jérémy Lecour 4007b14c09 whitespaces
All checks were successful
continuous-integration/drone/push Build is passing
2020-09-14 11:17:54 +02:00
Jérémy Lecour b818c348c2 evoacme: remove Debian 9 support
All checks were successful
continuous-integration/drone/push Build is passing
2020-09-11 11:09:45 +02:00
Ludovic Poujol f9d6fe0ad4 evolinux-base: install wget
All checks were successful
continuous-integration/drone/push Build is passing
2020-09-10 14:59:19 +02:00
Jérémy Lecour c7151a8de8 certbot: fix "no-self-upgrade" option
All checks were successful
continuous-integration/drone/push Build is passing
2020-09-08 10:02:15 +02:00
Jérémy Lecour 37ed5dd393 evolinux-base: swappiness is customizable
All checks were successful
continuous-integration/drone/push Build is passing
2020-09-01 14:08:39 +02:00
Jérémy Lecour afa0fd35c8 Change default public SSH/SFTP port from 2222 to 22222
All checks were successful
continuous-integration/drone/push Build is passing
2020-08-28 18:32:47 +02:00
Jérémy Lecour d0622c6b20 tomcat: root directory owner/group are configurable
All checks were successful
continuous-integration/drone/push Build is passing
2020-08-27 17:12:34 +02:00
Jérémy Lecour 7413a242a8 Release 10.1.0
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2020-08-21 14:50:17 +02:00
Jérémy Lecour 44ddc8047d evoacme: disable empty task for hooks 2020-08-21 14:21:28 +02:00
Jérémy Lecour 1e6d6cdd13 sort lines in CHANGELOG 2020-08-21 14:03:41 +02:00
Jérémy Lecour f49bf5c72d evoacme: use Let's Encrypt deploy hooks instead of evoacme hooks
All checks were successful
continuous-integration/drone/push Build is passing
2020-08-21 14:02:07 +02:00
Jérémy Lecour a60deb276b evoacme: upstream release 20.08 2020-08-21 14:01:06 +02:00
Jérémy Lecour 8ea1bac000 evoacme: update for new certbot role
* certbot is installed by the certbot role
* Apache/Nginx configuration is delegated to the certbot role
* No more "acme" user, everything is done with "root".
2020-08-21 13:36:24 +02:00
Benoît S. a8095b1c36 Updated CHANGELOG.md with recent merges
All checks were successful
continuous-integration/drone/push Build is passing
2020-08-20 15:49:22 +09:00
Jérémy Lecour 5c4daf3691 Merge remote-tracking branch 'origin/generateldif-patch' into unstable
All checks were successful
continuous-integration/drone/push Build is passing
2020-08-19 14:53:10 +02:00
Jérémy Lecour d457b25c4b Merge remote-tracking branch 'origin/nagios-nrpe-amavis-update' into unstable 2020-08-19 14:52:04 +02:00
Jérémy Lecour 7eed6d0255 Merge remote-tracking branch 'origin/squid-sa-update-domains' into unstable 2020-08-19 14:51:50 +02:00
Jérémy Lecour 221e9edc10 Merge branch 'nagios-nrpe-check-hpraid' into unstable 2020-08-19 14:49:22 +02:00
Jérémy Lecour 57ac4e467c metricbeat: allow using a template
All checks were successful
continuous-integration/drone/push Build is passing
2020-08-18 14:01:09 +02:00
Jérémy Lecour ce35f7292f filebeat: allow using a template 2020-08-18 14:00:46 +02:00
Ludovic Poujol edbc596511 mongodb: Fix issue introduced by 8aa7f6cf33
All checks were successful
continuous-integration/drone/push Build is passing
2020-07-30 11:31:19 +02:00
Jérémy Lecour eeeb20771a elasticsearch: keep native values
All checks were successful
continuous-integration/drone/push Build is passing
2020-07-21 10:46:34 +02:00
Jérémy Lecour d3e69eeeb5 certbot: fix haproxy hook (ssl cert directory detection)
All checks were successful
continuous-integration/drone/push Build is passing
It was matching additional parameters.
Now it matches on the first argument after "crt"
2020-07-21 10:46:01 +02:00
Jérémy Lecour 21b8104654 elasticsearch: configure cluster with seed hosts and initial masters
All checks were successful
continuous-integration/drone/push Build is passing
2020-07-19 11:40:59 +02:00
Jérémy Lecour 9270852349 elasticsearch: set tmpdir before datadir
All checks were successful
continuous-integration/drone/push Build is passing
2020-07-19 11:30:00 +02:00
Jérémy Lecour cea5620568 elasticsearch is compatible with buster
All checks were successful
continuous-integration/drone/push Build is passing
2020-07-17 13:49:07 +02:00
Jérémy Lecour 8aa7f6cf33 mongodb: install custom munin plugins
All checks were successful
continuous-integration/drone/push Build is passing
2020-07-17 13:48:18 +02:00
Benoît S. 1c050b481a evolinux-base: check_hpraid.cron.sh: Fixed wrong <<< usage
Some checks failed
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
2020-07-01 10:18:30 +09:00
Benoît S. 0150e77041 generate-ldif: Patched computerOS detection
Some checks failed
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
2020-06-30 05:11:05 +02:00
Benoît S. 0fd8128f94 generate-ldif: Skip some odd ethernet devices 2020-06-30 04:36:04 +02:00
Benoît S. 0cd889e4fb generate-ldif: Add NVMe disk support 2020-06-30 04:10:03 +02:00
Benoît S. 9a8f1979bc evolinux-base: check_hpraid.cron.sh: Fixed wrong else
All checks were successful
continuous-integration/drone/push Build is passing
The logic was wrong, an else part was not necessary.
2020-06-26 17:57:50 +09:00
Benoît S. a28b9558cb evolinux-base: check_hpraid.cron.sh: Better logic and use mail
All checks were successful
continuous-integration/drone/push Build is passing
First step is to detect errors
Second step is to detect different state

Added mail command to replace cron output
2020-06-24 18:57:08 +09:00
Jérémy Lecour 9bdd5ad9e7 haproxy: rotate logs with date extension and immediate compression
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-22 19:02:29 +02:00
Benoît S. de908ae5bd nagios-nrpe: check_amavis: Update regex
Some checks failed
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
I just installed a Debian Stretch with a pack mail and the check_amavis
was not checking the right regex.

Amavis is returning:
2.7.0 Ok, discarded, id=17556-09 - INFECTED: Eicar-Signature
So the regex should be:
-if ($result =~/2.7.0 Ok, discarded, id=[^,]+ - INFECTED: Eicar-Test-Signature/) {
+if ($result =~/2.7.0 Ok, discarded, id=\S+ - INFECTED: Eicar-Signature/) {
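Review bot: in the `+` line the dots in `2.7.0` are still unescaped, so each one matches any character; write `2\.7\.0` so the check only accepts the real SMTP status string. Replacing `Eicar-Test-Signature` with `Eicar-Signature` also means a scanner that still reports the older name will make the check fail, so `Eicar-(Test-)?Signature` would cover both outputs. The switch from `[^,]+` to `\S+` for the id looks fine for the sample line `id=17556-09`.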
2020-06-17 12:20:33 +09:00
Benoît S. 1d7d2ce08d squid: Update regex for sa-update domains.
Some checks failed
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
List of domains is like:

http://sa-update.dnswl.org/ weight=3

http://www.sa-update.pccc.com/ weight=5

http://sa-update.secnap.net/ weight=5

http://sa-update.space-pro.be/ weight=1

http://sa-update.ena.com/ weight=5

http://sa-update.razx.cloud/ weight=5

http://sa-update.fossies.org/ weight=1

http://sa-update.verein-clean.net/ weight=10

http://sa-update.bitwell.fi/ weight=5

http://sa-update.spamassassin.org/ weight=10

They all start sa-update.*, except for http://www.sa-update.pccc.com/.
In that case, we just match sa-update on the domain name.
2020-06-17 11:25:24 +09:00
Jérémy Lecour 977c28c720 varnish: fix start command when multiple addresses are present
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-16 13:51:07 +02:00
Benoît S. 766b4dfa82 evolinux-base: check_hpraid cron: Add -p
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-16 13:20:43 +09:00
Benoît S. a74f4e1890 evolinux-base/tasks/hardware.yml: Removed trailing whitespace
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-16 12:42:33 +09:00
Benoît S. 4bec21a9f3 evolinux-base: hardware: Support HP gen >=10 RAID controller
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-16 12:35:56 +09:00
Benoît S. 241f50d27e nagios-nrpe: check_hpraid: Update known working RAID controllers 2020-06-16 12:34:48 +09:00
Benoît S. 74229809ff nagios-nrpe: Add check_hpraid in template 2020-06-16 12:28:10 +09:00
Benoît S. 09e17ffe6c nagios-nrpe: check_hpraid: Use printf for return lines
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-16 11:16:44 +09:00
Benoît S. b47d2b872c nagios-nrpe: check_hpraid: Fixed wrong grep in EXCLUDE_BATTERY
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-16 10:57:18 +09:00
Benoît S. d49da6954a nagios-nrpe: check_hpraid: Fix wrong command name in examples
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-16 10:53:00 +09:00
Benoît S. 6126be95e3 nagios-nrpe: check_hpraid: Be sure that variables are bound
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-16 10:36:24 +09:00
Jérémy Lecour ce7468816f haproxy: deport SSL tuning to Mozilla SSL generator
All checks were successful
continuous-integration/drone/push Build is passing
There are too many combinations and they change every so often.
It's better to direct the user to the generator to have a good 
configuration.
2020-06-15 22:47:08 +02:00
Jérémy Lecour 30cdbae981 haproxy: split stats variables 2020-06-15 22:45:22 +02:00
Jérémy Lecour 011761eb8f haproxy: add deny_ips file to reject connections
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-14 23:28:29 +02:00
Jérémy Lecour 8465743973 haproxy: add some comments to default config 2020-06-14 23:27:50 +02:00
Jérémy Lecour 01a486b20a haproxy: simplify syntax for stats section 2020-06-14 23:19:40 +02:00
Jérémy Lecour ac4ef5ff96 whitespaces 2020-06-14 19:47:16 +02:00
Jérémy Lecour 4bf5b1daa6 nginx: read server-status values before changing the config
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-14 12:49:10 +02:00
Jérémy Lecour f47af9f54f haproxy: preconfigure SSL with defaults
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-14 12:37:04 +02:00
Jérémy Lecour 7f54b8ab60 haproxy: adapt backports installed package list to distribution 2020-06-14 12:37:04 +02:00
Jérémy Lecour e5d4ea3c18 nginx: make default vhost configurable 2020-06-14 12:37:04 +02:00
Jérémy Lecour ce0d61bcbd certbot: detect HAProxy cert directory 2020-06-14 12:37:04 +02:00
Patrick Marchand 0fee07f47e Fix missing default variable in mysql
All checks were successful
continuous-integration/drone/push Build is passing
lower_case_table_names must be set to Null for the check to work.
2020-06-10 10:37:36 -04:00
Jérémy Lecour a8887aaa8e update changelog
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-09 11:45:19 +02:00
Jérémy Lecour 4c71ea2012 haproxy: enable stats frontend with access lists
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-09 11:41:33 +02:00
Patrick Marchand c9daa8ba35 evobackup-client: Fix ssh connection test in zzz_evobackup.sh
All checks were successful
continuous-integration/drone/push Build is passing
When I made the ssh key name a variable and defaulted it to id_ed25519,
I forgot to change the hardcoded value for the ssh test in
evobackup-client/templates/zzz_evobackup.default.sh.j2
2020-06-08 17:22:18 -04:00
Jérémy Lecour d9f9d03140 evoacme: read values from environment before defaults file
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-05 11:31:42 +02:00
Jérémy Lecour 1ade990526 mongodb: fix logrotate pattern on Debian buster
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-05 11:02:54 +02:00
Eric Morino 2fbf1ff9f9 Force owner opendkim for /etc/opendkim/ folder
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-05 11:00:22 +02:00
Jérémy Lecour 7f0931510f evoacme: upstream release 20.06.1
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-05 11:01:42 +02:00
Ludovic Poujol ebffccae59 lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-05 11:01:22 +02:00
Ludovic Poujol 186f3d90b9 lxc-php: Install opensmtpd as intended 2020-06-05 10:57:49 +02:00
Ludovic Poujol 0dfb92360f php: Don't disable putenv() by default in PHP settings
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-04 11:52:04 +02:00
Ludovic Poujol 90704dc712 lxc-php: Don't disable putenv() by default in PHP settings 2020-06-04 11:51:25 +02:00
Ludovic Poujol ead0b7fd88 lxc-php: Install php-sqlite by default
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-04 11:42:17 +02:00
Ludovic Poujol 8c883c44dd php: Install php-sqlite by default 2020-06-04 11:39:51 +02:00
Ludovic Poujol c7d456471b packweb-apache: Install zip & unzip by default 2020-06-04 11:34:26 +02:00
Jérémy Lecour 2ca7872eef haproxy: syntax and whitespaces
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-04 11:22:58 +02:00
Jérémy Lecour 3bd0a4ffb3 certbot: restore compatibility with old Nginx 2020-06-04 11:22:58 +02:00
Jérémy Lecour 9aed38b637 certbot: install certbot dependencies non-interactively for jessie 2020-06-04 11:22:58 +02:00
Jérémy Dubois 1a0872c507 nagios-nrpe / evolinux-base : new ntp server variable
All checks were successful
continuous-integration/drone/push Build is passing
Online hosted servers must use ntp.online.net as
ntp server, because other ones are rate limited.
Default ntp server is pool.ntp.org, and a custom
one can be set with the nagios_nrpe_ntp_server
variable.
2020-06-04 10:55:48 +02:00
Benoît S. 342810362d evolinux-base: check_hpraid.sh: Fix missing copy of RAID state
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-04 17:32:49 +09:00
Benoît S. 91dda2e1a2 evolinux-base: check_hpraid.sh: Fix RAID state detection 2020-06-04 17:23:14 +09:00
Benoît S. 7b97702f15 evolinux-base: Add check_hpraid.sh
All checks were successful
continuous-integration/drone/push Build is passing
This script is meant to be executed as a cron by executing Nagios
NRPE plugin check_hpraid and notify by mail any errors
2020-06-04 16:50:35 +09:00
Jérémy Lecour 1d5a30b144 evoacme: upstream release 20.06
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-03 12:09:58 +02:00
Patrick Marchand c8cd119a18 Merge pull request 'Make it possible to setup mysql replication' (#102) from mysql_replication into unstable
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-02 17:31:13 +02:00
Jérémy Lecour 4cf438c8ff redis: raise an error if port 6379 is used in "instance" mode
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-02 11:22:56 +02:00
Jérémy Lecour 8a87fecbe4 redis: new syntax for match filter
All checks were successful
continuous-integration/drone/push Build is passing
2020-06-02 11:00:06 +02:00
Jérémy Lecour 47d11308ba redis: create sudoers file if missing 2020-06-02 10:59:51 +02:00
Jérémy Lecour 86cab2ab94 haproxy: chroot and socket path are configurable 2020-06-02 10:58:10 +02:00
Jérémy Lecour 3fe1138a98 whitespaces 2020-06-02 10:57:16 +02:00
Patrick Marchand 8c1e40c1a9 Add option to make a mysql install read only
Some checks failed
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
Rebased on unstable
2020-06-01 12:03:23 -04:00
Patrick Marchand 5b9cc3af31 Added mysql_innodb_log_file_size option to the mysql role
Makes it possible to have larger binary entries when replicating.
2020-06-01 12:01:01 -04:00
Patrick Marchand 1a96616f42 Fix right problem in mysql replication
The configuration file was not set to 0644, which caused the file
to be ignored by mysql and its configuration not to be set.
2020-06-01 12:01:01 -04:00
Patrick Marchand b80f3993ae Added some mysql variables and allowed forcing config update
The default behaviour is kept, but this way we can manage a mysql
installation from ansible.
2020-06-01 12:01:01 -04:00
Patrick Marchand d15819fb04 Replication should set a binlog format
This could possibly be better served in the base config file, but
for now I'll keep it here.
2020-06-01 12:01:01 -04:00
Patrick Marchand 6289c7fe1c Removed redundant nagios checks
They are already installed by the base roles.
2020-06-01 12:01:01 -04:00
Patrick Marchand 45fba1f878 Removed useless dbadmin script from mysql replication tasks
It was used by a very specific client case and is not needed for a
general role.
2020-06-01 12:01:01 -04:00
Patrick Marchand c319be2542 Make it possible for mysql role to copy evolix scripts
Based myself off of the webapps/evoadmin-web role, but I'm not sure
we still consider this a hack or not. We use a read only /usr fs,
so we need to remount it to add scripts in /usr/local/share.
2020-06-01 12:01:01 -04:00
Patrick Marchand 31f002f9d9 Added option to prepare mysql servers for replication 2020-06-01 12:01:01 -04:00
Benoît S. 314cd2c1de nagios-nrpe: Added hpsa support to check_hpraid
All checks were successful
continuous-integration/drone/push Build is passing
Also handle empty slots.
2020-05-29 09:43:15 +09:00
Benoît S. f35cbdbe30 nagios-nrpe: shellchecked check_hp
All checks were successful
continuous-integration/drone/push Build is passing
Also refactored the checking part and outputting.
2020-05-28 16:35:11 +09:00
Benoît S. 0307c0b066 nagios-nrpe: Adding licence GPLv2 to check_hpraid
Also describe what has been removed/changed from the original source.
2020-05-28 15:33:00 +09:00
Benoît S. 073f2b5b09 nagios-nrpe: Add check_hpraid
All checks were successful
continuous-integration/drone/push Build is passing
2020-05-28 13:01:50 +09:00
Ludovic Poujol 09371b095f packweb-apache: Don't turn on mod-evasive emails by default
All checks were successful
continuous-integration/drone/push Build is passing
2020-05-18 12:03:34 +02:00