Releases Tags
-
Release 10.6.0
jlecour released this 4 months ago | 0 commits to stable since this release
Added
- Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
- apache: new variable for mpm mode (+ updated default config accordingly)
- evolinux-base: add default motd template
- kvm-host: add migrate-vm script
- mysql: variable to disable myadd script overwrite (default: True)
- nodejs: update apt cache before installing the package
- squid: add Yarn apt repository in default whitelist
Changed
- Update Galaxy metadata (company, platforms and galaxy_tags)
- Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
- Use Ansible syntax used in Ansible 2.8+
- apt: store keys in /etc/apt/trusted.gpg.d in ascii format
- certbot: sync_remote.sh is configurable
- evolinux-base: copy GPG key instead of using apt-key
- evomaintenance: upstream release 0.6.4
- kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
- listupgrade: upstream release 21.06.2
- nodejs: change GPG key name
- ntpd: Add leapfile configuration setting to ntpd on debian 10+
- packweb-apache: install phpMyAdmin from buster-backports
- spamassassin: change dependency on evomaintenance
- squid: remove obsolete variable on Squid 4
Fixed
- add default (useless) value for file lookup (first_found)
- fix pipefail option for shell invocations
- elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
- evolinux-base: fix motd lookup path
- ldap: fix edge cases where passwords were not set/get properly
- listupgrade: fix wget error + shellcheck cleanup
Removed
- elasticsearch: recent versiond don't depend on external JRE
Downloads
-
Release 10.5.1
Added
- haproxy: dedicated internal address/binding (without SSL)
Changed
- etc-git: commit in /usr/share/scripts when there's an active repository
Downloads
-
Release 10.5.0
Added
- apache: new variables for logrotate + server-status
- filebeat: package can be upgraded to latest (default: False)
- haproxy: possible admin access with login/pass
- lxc-php: Add PHP 7.4 support
- metricbeat: package can be upgraded to latest (default: False)
- metricbeat: new variables to configure SSL mode
- nagios-nrpe: new script check_phpfpm_multi
- nginx: add access to server status on default VHost
- postfix: add smtpd_relay_restrictions in configuration
Changed
- apache: rotate logs daily instead of weekly
- apache: deny requests to ^/evolinux_fpm_status-.*
- certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
- certbot: use the legacy script on Debian 8 and 9
- elasticsearch: log rotation is more readable/maintainable
- evoacme: upstream release 21.01
- evolinux-users: Add sudo rights for nagios for multi-php lxc
- listupgrade: update script from upstream
- minifirewall: change some defaults
- nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
- redis: use /run instead or /var/run
- redis: escape password in Munin configuration
Fixed
- bind9: added log files to apparmor definition so bind can run
- filebeat: fix Ansible syntax error
- nagios-nrpe: libfcgi-client-perl is not available before Debian 10
- redis: socket/pid directories have the correct permissions
Removed
- nginx: no more "minimal" mode, but the package remains customizable.
Downloads
-
Release 10.4.0
Added
- certbot: detect domains if missing
- certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
- varnish: variable for jail configuration
Changed
- certbot: disable auth for Let's Encrypt challenge
- nginx: change from "nginx_status-XXX" to "server-status-XXX"
Downloads
-
Release 10.3.0
Added
- dovecot: Update munin plugin & configure it
- dovecot: vmail uid/gid are configurable
- evoacme: variable to disable Debian version check (default: False)
- kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
- minifirewall: upstream release 20.12
- minifirewall: add variables to force upgrade the script and the config (default: False)
- mysql: install save_mysql_processlist script
- nextcloud: New role to setup a nextcloud instance
- redis: variable to force use of port 6379 in instances mode
- redis: check maxmemory in NRPE check
- lxc-php: Allow php containers to contact local MySQL with localhost
- varnish: config file name is configurable
Changed
- Create system users for vmail (dovecot) and evoadmin
- apt: disable APT Periodic
- evoacme: upstream release 20.12
- evocheck: upstream release 20.12
- evolinux-users: improve uid/login checks
- tomcat-instance: fail if uid already exists
- varnish: change template name for better readability
- varnish: no threadpool delay by default
- varnish: no custom reload script for Debian 10 and later
Fixed
- cerbot: parse HAProxy config file only if HAProxy is found
Downloads
-
Version 10.2.0
Added
- evoacme: remount /usr if necessary
- evolinux-base: swappiness is customizable
- evolinux-base: install wget
- tomcat: root directory owner/group are configurable
Changed
- Change default public SSH/SFTP port from 2222 to 22222
Fixed
- certbot: an empty change shouldn't raise an exception
- certbot: fix "no-self-upgrade" option
Removed
- evoacme: remove Debian 9 support
Downloads
-
Version 10.1.0
Added
- certbot: detect HAProxy cert directory
- filebeat: allow using a template
- generate-ldif: add NVMe disk support
- haproxy: add deny_ips file to reject connections
- haproxy: add some comments to default config
- haproxy: enable stats frontend with access lists
- haproxy: preconfigure SSL with defaults
- lxc-php: Don't disable putenv() by default in PHP settings
- lxc-php: Install php-sqlite by default
- metricbeat: allow using a template
- mysql: activate binary logs by specifying log_bin path
- mysql: option to define as read only
- mysql: specify a custom server_id
- nagios-nrpe/evolinux-base: brand new check for hardware raid on HP servers gen 10
- nginx: make default vhost configurable
- packweb-apache: Install zip & unzip by default
- php: Don't disable putenv() by default in PHP settings
- php: Install php-sqlite by default
Changed
- certbot: fix haproxy hook (ssl cert directory detection)
- certbot: install certbot dependencies non-interactively for jessie
- elasticsearch: configure cluster with seed hosts and initial masters
- elasticsearch: set tmpdir before datadir
- evoacme: read values from environment before defaults file
- evoacme: update for new certbot role
- evoacme: upstream release 20.08
- haproxy: adapt backports installed package list to distibution
- haproxy: chroot and socket path are configurable
- haproxy: deport SSL tuning to Mozilla SSL generator
- haproxy: rotate logs with date extension and immediate compression
- haproxy: split stats variables
- lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
- mongodb: install custom munin plugins
- nginx: read server-status values before changing the config
- packweb-apache: Don't turn on mod-evasive emails by default
- redis: create sudoers file if missing
- redis: new syntax for match filter
- redis: raise an error is port 6379 is used in "instance" mode
Fixed
- certbot: restore compatibility with old Nginx
- evobackup-client: fixed the ssh connection test
- generate-ldif: better detection of computerOS field
- generate-ldif: skip some odd ethernet devices
- lxc-php: Install opensmtpd as intended
- mongodb: fix logrotate patterm on Debian buster
- nagios-nrpe: check_amavis: updated regex
- squid: better regex to match sa-update domains
- varnish: fix start command when multiple addresses are present
Downloads
-
Version 10.0.0
Added
- apache: the default VHost doesn't redirect to https for ".well-known" paths
- apt: added buster backports prerferences
- apt: check if cron is installed before adding a cron job
- apt: remove jessie/buster sources from Gandi servers
- apt: verify that /etc/evolinux is present
- certbot : new role to install and configure certbot
- etc-git: add versioning for /usr/share/scripts on Debian 10+
- evoacme: upstream version 19.11
- evolinux-base: default value for "evolinux_ssh_group"
- evolinux-base: install /sbin/deny
- evolinux-base: install Evocheck (default:
True) - evolinux-base: on debian 10 and later, add noexec on /dev/shm
- evolinux-base: on debian 10 and later, add /usr/share/scripts in root's PATH
- evolinux-base: remove the chrony package
- evomaintenance: don't configure firewall for database if not necessary
- generate-ldif: support MariaDB 10.3
- haproxy: add a variable to keep the existing configuration
- java: add Java 11 as possible version to install
- listupgrade: install old-kernel-autoremoval script
- minifirewall: add a variable to force the check scripts update
- mongodb: mongodb: compatibility with Debian 10
- mysql-oracle: backport tasks from mysql role
- mysql: activate binary logs by specifying log_bin path
- mysql: specify a custom server_id
- networkd-to-ifconfig: add variables for configuration by variables
- packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
- php: variable to install the mysqlnd module instead of the default mysql module
- postgresql : variable to install PostGIS (default:
False) - redis: rewrite of the role (separate instances, better systemd units…)
- webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
- webapps/evoadmin-web Overload templates if needed
- evolinux-base: install ssacli for HP Smart Array
- evobackup-client role to configure a machine for backups with bkctld(8)
- bind: enable query logging for recursive resolvers
- bind: enable logrotate for recursive resolvers
- bind: enable bind9 munin plugin for recursive resolvers
Changed
- replace version_compare() with version()s
- removed some deprecations for Ansible 2.7
- apache: improve permissions in save_apache_status script
- apt: hold packages only if package is installed
- bind: the munin task was present, but not included
- bind: change name of logrotate file to bind9
- certbot: commit hook must be executed at the end
- elasticsearch: listen on local interface only by default
- evocheck: upstream version 20.04.4
- evocheck: cron jobs execute in verbose
- evolinux-base: use "evolinux_internal_group" for SSH authentication
- evolinux-base: Don't customize the logcheck recipient by default.
- evolinux-base: configure cciss-vol-statusd in the proper file
- evomaintenance: upstream release 0.6.3
- evomaintenance: Turn on API by default (instead of DB)
- evomaintenance: install PG dependencies only when needed
- listupgrade: update from upstream
- lxc: rely on lxc_container module instead of command module
- lxc: remove useless loop in apt execution
- lxc: update our default template to be compatible with Debian 10
- lxc-php: refactor tasks for better maintainability
- lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
- lxc-solr: changed default Solr version to 8.4.1
- minifirewall: better alert5 activation
- minifirewall: no http filtering by default
- minifirewall: /bin/true command doesn't report "changed" anymore
- nagios-nrpe: update check_redis_instances (same as redis role)
- nagios-nrpe: change default haproxy socket path
- nagios-nrpe: check_mode per cpu dynamically
- nodejs: change default version to 12 (new LTS)
- packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
- php: By default, allow 128M for OpCache (instead of 64M)
- php: Don't set a chroot for the default fpm pool
- php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
- php: Change the default pool names to something more explicit (and same for the variables names)
- php: Add a task to remove Debian's default FPM pool file (off by default)
- php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
- postgresql : changed logrotate config to 10 days (and fixed permissions)
- rbenv: changed default Ruby version to 2.7.0
- squid: Remove wait time when we turn off squid
- squid: compatibility wit Debian 10
- tomcat: package version derived from Debian version if missing
- varnish: remove custom ExecReload= script for Debian 10+
Fixed
- etc-git: fix warnings ansible-lint
- evoadmin-web: Put the php config at the right place for Buster
- lxc: Don't stop the container if it already exists
- lxc: Fix container existance check to be able to run in check_mode
- lxc-php: Don't remove the default pool
- minifirewall: fix warnings ansible-lint
- nginx: fix munin fcgi not working (missing chmod 660 on logs)
- php: add missing handler for php7.3-fpm
- roundcube: fix typo for roundcube vhost
- tomcat: fix typo for default tomcat_version
- evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
- certbot: Properly evaluate when apache is installed
- evolinux-base: Don't make alert5.service executable as systemd will complain
- webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
- minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
- minifirewall: Properly detect alert5.sh to turn on firewall at boot
- packweb-apache: Add missing dependency to evoacme role
- php: Chose the debian version repo archive for packages.sury.org
- php: update surry_post.yml to match current latest PHP release
- packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
Removed
- clamav : do not install the zoo package anymore
Downloads
-
Version 9.10.1
Changed
- evocheck : update (version 19.06) from upstream
Downloads
-
Version 9.10.0
Added
- apache: add server status suffix in VHost (and default site) if missing
- apache: add a variable to customize the server-status host
- apt: add a script to manage packages with "hold" mark
- etc-git: gitignore /etc/letsencrypt/.certbot.lock
- evolinux-base: install "spectre-meltdown-checker" (Debian 10 and later)
- evomaintenance: make hooks configurable
- nginx: add server status suffix in VHost (and default site) if missing
- redmine: enable gzip compression in nginx vhost
Changed
- evocheck : update (unreleased) from upstream
- evomaintenance : use the web API instead of PG Insert
- fluentd: store gpg key locally
- rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.6.3
- redmine: update default version to 4.0.3
- nagios-nrpe: change required status code for http and https check
- redmine: use custom errors-pages in Nginx vhost
- nagios-nrpe: check_load is now based on ansible_processor_vcpus
- php: Stop enforcing /var/www/html as chroot while we use /var/www
- apt: Add Debian Buster repositories
Fixed
- rbenv: add check_mode for check rbenv and ruby versions
- nagios-nrpe: fix redis_instances check when Redis port equal 0
- redmine: fix 500 error on logging
- evolinux-base: Validate sshd config with "-t" instead of "-T"
- evolinux-base: Ensure rename is present
- evolinux-users: Validate sshd config with "-t" instead of "-T"
- nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
Downloads
-
Version 9.9.0
Added
- evocheck : add "x-frame-options: sameorigin" for Munin
- etc-git: ignore evobackup/.keep-* files
- lxc: /home is mounted in the container by default
Changed
- changed remote repository to https://gitea.evolix.org/evolix/ansible-roles
- apt: Ensure jessie-backport from archives.debian.org is accepted
- apt: Remove jessie-update suite as it's no longer exists
- apt: Replace mirror.evolix.org by archives.debian.org for jessie-backport
- evocheck : update script from upstream
- evolinux-base: remove apt-listchanges on Stretch and later
- evomaintenance: embed version 0.5.0
- opendkim: aligning roles with our conventions, major changes in opendkim-add.sh
- redis: higher limit of open files
- redis: set variables on inclusion, not with set_facts
- tomcat: better tomcat version management
- webapps/evoadmin-web: add dbadmin.sh to sudoers file
Fixed
- spamassasin: fix sa-update.sh and ensure service is started and enabled
- tomcat-instance: deploy correct version of config files
- tomcat-instance: deploy correct version of server.xml
Downloads