diff --git a/CHANGELOG.md b/CHANGELOG.md index 6d85ed31..66f33653 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,12 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Security +## [22.06.3] 2022-06-17 + +### Changed + +* evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers + ## [22.06.2] 2022-06-10 ### Added @@ -67,9 +73,14 @@ The **patch** part changes is incremented if multiple releases happen the same m * docker: Allow "live-restore" to be toggled with docker_conf_live_restore * evocheck: upstream release 22.06 +* evolinux-base: Replacement of variable `evolinux_packages_hardware` by `ansible_virtualization_role == "host"` automatize host type detection and avoids installing smartd & other on VM. * minifirewall: tail template follows symlinks * mysql: add "set crypt_use_gpgme=no" Mutt option, for mysqltuner +### Fixed + +* Role `postfix`: Add missing `localhost.localdomain localhost` to `mydestination` variable which caused undelivered of some local mails. + ## [22.05.1] 2022-05-12 ### Added diff --git a/evolinux-base/tasks/hardware.yml b/evolinux-base/tasks/hardware.yml index 2e68cc36..fefb8177 100644 --- a/evolinux-base/tasks/hardware.yml +++ b/evolinux-base/tasks/hardware.yml @@ -157,6 +157,43 @@ - "'Hewlett-Packard Company Smart Array' in raidmodel.stdout" - evolinux_packages_hardware_raid | bool +## LSI MegaRAID 12GSAS/PCIe Secure SAS39xx +# This is still incompatible with Debian + +- name: Check if PERC HBA11 device is present + shell: "lspci | grep -qE 'MegaRAID.*SAS39xx'" + check_mode: no + register: perc_hba11_search + failed_when: False + changed_when: False + tags: + - packages + +- name: MegaCLI SAS package must not be installed if PERC HBA11 is present + block: + - name: Disable harware RAID tasks + set_fact: + evolinux_packages_hardware_raid: False + + - name: blacklist mageclisas-status package + blockinfile: + dest: /etc/apt/preferences.d/0-blacklist + create: yes + marker: "## {mark} MEGACLISAS-STATUS BLACKLIST" + block: | + # DO NOT INSTALL THESE PACKAGES ON THIS SERVER + Package: megacli megaclisas-status + Pin: version * + Pin-Priority: -100 + + - name: Remove MegaCLI packages + apt: + name: + - megacli + - megaclisas-status + state: absent + when: perc_hba11_search.rc == 0 + - name: MegaCLI SAS package is present block: - name: HWRaid embedded GPG key is absent diff --git a/nagios-nrpe/files/plugins/check_redis_sentinel_sync b/nagios-nrpe/files/plugins/check_redis_sentinel_sync new file mode 100755 index 00000000..e8f217aa --- /dev/null +++ b/nagios-nrpe/files/plugins/check_redis_sentinel_sync @@ -0,0 +1,46 @@ +#!/bin/sh +# +# Verify the synchroniation of Redis Sentinel slaves. + +output=$(mktemp --tmpdir $(basename "$0").XXXXXXXXXX) +critical_count=0 +ok_count=0 + +trap "rm -f $output" EXIT + +input=$(redis-cli -p 6380 sentinel slaves redis | sed 'N;s/\n/=/') + +#while read -r line; do +for line in $input; do + case "$line" in + name=*) name=${line#name=} ;; + master-link-status=*) status=${line#master-link-status=} ;; + esac + if [ -n "$name" ] && [ -n "$status" ]; then + if [ "$status" = ok ]; then + echo "OK - $name" >> "$output" + ok_count=$(( ok_count + 1)) + else + echo "CRITICAL - $name" >> "$output" + critical_count=$(( critical_count + 1)) + fi + unset name status + fi +done + +total_count=$(( ok_count + critical_count )) + +plural='' +test "$total_count" -gt 1 && plural='s' + +if [ $ok_count -eq $total_count ]; then + printf "OK - %d/%d Redis Sentinel slave%s are in sync\n\n" \ + "$ok_count" "$total_count" "$plural" + cat "$output" + exit 0 +else + printf "CRITICAL - %d/%d Redis Sentinal slave%s aren't in sync\n\n" \ + "$critical_count" "$total_count" "$plural" + cat "$output" + exit 2 +fi