Release 23.10 Stable
released this 2023-10-14 07:55:17 +02:00 | 0 commits to stable since this release
Added
- apt: disable NonFreeFirmware warning for VM on Debian 12+
- apt: explicit signed-by directives for official sources
- bind: add reload-zone helper
- certbot: deploy-hook for proftpd
- docker-host: added var for user namespace setting
- dovecot: add Munin plugins dovecot1 and dovecot_stats (patched)
- dovecot: fix old_stats plugin for Dovecot 2.3
- evocheck: add support for Debian >= 12 split SSH configuration
- evolinux-base: add split SSH configuration for Debian >= 12
- evolinux-base: configure .bashrc for all users
- evolinux-base: New variable evolinux_system_include_ntpd to choose whether or not to include ntpd role
- evolinux-base: reboot the server if the Cloud kernel has been installed
- evolinux-users: add split SSH configuration for Debian >= 12
- evolinux: install HPE Agentless Management Service (amsd)
- fail2ban: add default variable fail2ban_dbpurgeage_default
- fail2ban: add fail2ban_sshd_port variable to configure sshd port
- kvm-host: release 23.10 for migrate-vm.sh
- metricbeat/logstash: fix Ansible syntax
- mysql: new munin graph to follow binlog_days over time
- nagios-nrpe: add a NRPE check-local command with completion.
- nagios-nrpe: add a proper monitoring plugin for GlusterFS (on servers, not for clients)
- php: add new variable to disable overriding settings of php-fpm default pool (www)
- policy_pam: New role to manage password policy with pam_pwquality & pam_pwhistory
- userlogrotate: add a userlogpurge script disabled by default
- userlogrotate: new version, with separate conf file
- userlogrotate: rotate also php.log
- java: allow version 17
- timesyncd: new role, used instead of ntpd by default starting with Debian 12
Changed
- all: change syntax "become: [yes,no]" → "become: [true,false]"
- all: change syntax "force: [yes,no]" → "force: [true,false]"
- elasticsearch: improve networking configuration
- evolinux-base: include files under sshd_config.d
- evolinux-users: remove Stretch references in tasks that also apply to next Debian versions
- evomaintenance: upstream release 23.10.1
- lxc-php: change LXC container in bookworm for php82
- minifirewall: update nrpe script to check active configuration
- minifirewall: upstream release 23.07
- mysql: improve shell syntax for mysql_skip script
- nagios-nrpe: set default check_load --per-cpu for BSD
- pgbouncer: minor fixes
- postfix (packmail or when postfix_slow_transport_include is True): change minimal_backoff_time from 2h to 15m (see HowtoPostfix)
- postfix (packmail): optimize Amavis integration
- postfix: disable sending mails via IPv6
- postfix: new spam.sh update script that avoids reloading if files did not change.
- postgresql: fix file postgresql.pref.j2 for exclude package
- postgresql: fix task update apt cache for PGDG repo
- redis: standardize plugins path from /usr/local/share/munin/ to /usr/local/lib/munin/plugins/
- varnish: allow the systemd template to be overridden with a template outside of the role
- lxc: purge openssh-server from container on install
Fixed
- elasticsearch: comment the Xlog:gc line instead of changing it completely
- evocheck: fix IS_SSHALLOWUSERS condition
- evolinux-base, evolinux-users: Fix files mode under /etc/ssh/sshd_config.d
- evolinux-base: fix file extension
- fail2ban: fix cron fail2ban_dbpurge (should be bash instead of sh)
- lxc-php: fix APT keyring path inside containers
- nagios-nrpe: check_ssl_local now has an output that nrpe can understand when it isn't OK
- nagios-nrpe: remount /usr after installing the packages
after installing the packages - nagios-nrpe: sync Redis check from redis roles
- nginx: set default server directive in default vhost
- opendkim: update apt cache before install
- packweb-apache,nagios-nrpe: add missing task and config for PHP 8.2 container
- postfix: add missing localhost.$mydomain to mydestination
- redis: replace erroneous ini_file module for Munin config, fix dedicated Munin config filename (z-XXX).
- evolinux-base: use lineinfile instead of replace under root task
- evolinux-base: fix permission for evolinux_user
- docker-host: remove superfluous state directive
- rbenv: install libyaml-dev
Removed
- dovecot: remove Munin plugin dovecot (not working)
Release 23.04 Stable
released this 2023-04-23 10:51:41 +02:00 | 185 commits to stable since this release
Added
- graylog: new role
- lxc-php: add support for PHP 8.2 container
Changed
- Use FQCN (Fully Qualified Collection Name)
- apt: with Debian 12, backports are installed but disabled by default
- openvpn: updated the README file
- pgbouncer: add handler to restart the service
Fixed
- generate-ldif: Support for Debian 12
Release 23.03.1 Stable
released this 2023-03-16 22:18:53 +01:00 | 232 commits to stable since this release
Added
- pgbouncer: new role
Changed
- apt: deb822 migration python script is looked up relative to the shell script
- listupgrade: remove old typo version of the cron task
- minifirewall: support protocols in numeric form
Release 23.03 Stable
released this 2023-03-16 15:00:03 +01:00 | 239 commits to stable since this release
Added
- apache: add task to enable mailgraph on default vhost and index.html
- apt: add move-apt-keyrings script/tasks
- apt: add tools to migrate sources to deb822 format
- fail2ban: add "Internal login failure" to Dovecot filter
- lxc: copy /etc/profile.d/evolinux.sh from host into container
- nagios-nrpe: add tasks/files for a wrapper
- nagios-nrpe: Print pool config path in check_phpfpm_multi output
- php: add php_version variable when sury is activated for each Debian version
- php: add a way to choose which version to install using sury repository
- postfix: Add task to enable mailgraph on packmail
- postgresql: configure max_connections
- userlogrotate: create dedicated role, separated from packweb-apache
- varnish: add varnish_update_config variable to disable configuration update
Changed
- Use systemd module instead of command
- Removed all warn: False args in command, shell and other modules as it's been deprecated and will give a hard fail in ansible-core 2.14.0.
- apt: Use pub.evolix.org instead of pub.evolix.net
- bind: refactor role
- elasticsearch: Disable garbage collector logging (JDK >= 9)
- evolinux-users: Update sudoers template to remove commands allowed without password
- listupgrade: upstream release 23.03.3
- kvmstats: use virsh domstats | awk to get guest information
- nagios-nrpe: Rewrite check_vrrpd for a better check (check rp_filter, vrrpd and uvrrpd compatible, use arguments, …)
- openvpn: Change check_openvpn destination file to comply with recent EvoBSD change
- postfix: come back to default value of notify_classes for pack mails.
- userlogrotate: set rotate date format in right order (YYYY-MM-DD)!
- webapps/nextcloud: Change default data directory to be outside web root
- webapps/nextcloud: Small enhancement on the vhost template to lock out data dir
- yarn: update apt key
Fixed
- Proper jinja spacing
- clamav: set MaxConnectionQueueLength to its default value (200), custom (15) was way too small and caused recurring failures in Postfix.
- docker-host: fix type in daemon.json and remove host configuration that is already in the systemd service by default
- evolinux-base: ensure dbus is started and enabled (not by default in the case of an offline netinst)
- haproxy: fix missing admin ACL in stats module access permissions
- openvpn: fix the client cipher configuration to match the server cipher configuration
- php: fix error introduced in #33503e4538 (False evaluated as a String instead of Boolean)
- php: install using Sury repositories on Bullseye
- postfix (packmail only): disable concurrency_failed_cohort_limit for destination smtp-amavis to prevent the suspension of this destination when Amavis fails to answer. Indeed, we configure the suspension delay quite long in minimal_backoff_time (2h) and maximal_backoff_time (6h) to reduce the risk of ban from external SMTPs.
- postfix: avoid Amavis transport to be considered dead when restarted.
- postfix: remove unused aliases_scope=sub from virtual_aliases.cf (it generated warnings)
- userlogrotate: fix bug introduced in commit 2e54944a24 (rotated files were not zipped)
- userlogrotate: skip zipping if .gz log already exists (prevents interactive question)
Removed
- evolinux-base: subversion is not installed anymore
Release 22.12 Stable
released this 2022-12-14 12:04:12 +01:00 | 344 commits to stable since this release
Added
- all: add signed-by option for additional APT sources
- all: preliminary work to support Debian 12
- all: use proper keyrings directory for APT version
- evolinux-base: replace regular kernel by cloud kernel on virtual servers
- lxc-php: set php-fpm umask to 007
- nagios-nrpe: check_ceph_*
- nagios-nrpe: check_haproxy_stats supports DRAIN status
- packweb-apache: enable log_forensic module
- rabbitmq: add link in default page
- varnish: create special tmp directory for syntax validation
Changed
- certbot: auto-detect HAPEE version in renewal hook
- evocheck: install script according to Debian version
- evolinux-base: utils.yml can be excluded
- evolinux-todo: execute tasks only for Debian distribution (because this task is a dependency for other roles used on different distributions)
- evolinux-user: add sudoers privilege for check php_fpm81
- evomaintenance: allow missing API endpoint if API is disabled
- java: use default JRE package when version is not specified
- keepalived: change exit code (warning if running but not on expected state; critical if not running)
- listupgrade: better detection for PostgreSQL
- listupgrade: sort/uniq of packages/services lists in email template
- lxc-solr: detect the real partition options
- lxc-solr: download URL according to Solr Version
- lxc-solr: set homedir and port at install
- minifirewall: whitelist deb.freexian.com
- openvpn: shellpki upstream release 22.12.2
- openvpn: specifies that the mail for expirations is for OpenVPN
- packweb-apache: manual dependencies resolution
- redis: some values should be quoted
- redis: variable to disable transparent hugepage (default: do nothing)
- squid: whitelist deb.freexian.com
- varnish: better package facts usage with check mode and tags
- varnish: systemd override depends on Varnish version instead of Debian version
Fixed
- evolinux-user: Fix sudoers privilege for check php_fpm80
- nagios-nrpe: Fix check opendkim for recent change in listening port
- openvpn: Fix mode of shellpki script
- proftpd: Fix format of public key files controlled by Ansible
- proftpd: Fix mode of public key directory and files (they have to be accessible by proftpd:nobody)
- varnish: fix missing state, that blocked the task
Removed
- openvpn: Deleted the task fixing the CRL rights since it has been fixed in upstream
Release 22.09 Stable
released this 2022-09-19 17:07:23 +02:00 | 421 commits to stable since this release
Added
- evolinux_users: create only users who have a certain value for the create key (default: always).
- php: install php-xml with recent PHP versions
- vrrp: add an ip.yml task file to help create VRRP addresses
- webapps/nextcloud: Add compatibility with apache2, and apache2 mod_php.
- memcached: NRPE check for multi-instance setup
- munin: Add ipmi_ plugins on dedicated hardware
- proftpd: Add options to override configs (and add a warning if file was overridden)
- proftpd: Allow user auth with ssh keys
Changed
- evocheck: upstream release 22.09
- evolinux-base: update-evobackup-canary upstream release 22.06
- generate-ldif: Support any MariaDB version
- minifirewall: use handlers to restart minifirewall
- openvpn: automate the initialization of the CA and the creation of the server certificate; use openssl_dhparam module instead of a command
- generate-ldif: support any version of MariaDB (instead of only 10.0, 10.1 and 10.3)
- openvpn: Run OpenVPN with the _openvpn user and group instead of nobody which is originally for NFS
- nagios-nrpe: Upgrade check_mongo
Fixed
- fail2ban: fix dovecot-evolix regex syntax
- haproxy: make it so that munin doesn't break if there is a non default haproxy_stats_path
- mysql: Add missing Munin conf for Debian 11
- redis: config directory must be owned by the user that runs the service (to be able to write tmp config files in it)
- varnish: make -j <jail_config> the first argument on jessie/stretch as it has to be the first argument there.
- webapps/nextcloud: Add missing dependencies for imagick
Removed
- evocheck: remove failure if deprecated variable is used
- webapps/nextcloud: Drop support for Nginx
Release 22.07.1 Stable
released this 2022-07-28 13:52:34 +02:00 | 498 commits to stable since this release
Changed
- evocheck: upstream release 22.07
- evomaintenance: upstream release 22.07
- mongodb: replace version_compare() with version()
- nagios-nrpe: check_disk1 returns only alerts
- nagios-nrpe: use regexp to exclude paths/devices in check_disk1
Release 22.07 Stable
released this 2022-07-06 18:04:01 +02:00 | 520 commits to stable since this release
Added
- evolinux-base: session timeout is configurable (default: 36000 seconds = 10 hours)
- haproxy: add haproxy_allow_ip_nonlocal_bind to set sysctl value (optional)
- kvm-host: fix deprecation of "drbd-overview" by "drbdadm status" in add-vm.sh
- openvpn: configure logrotate
Changed
- openvpn: minimal rights on /etc/shellpki/ and crl.pem
Fixed
- evolinux-base: Update PermitRootLogin task to work on Debian 11
- evolinux-user: Update PermitRootLogin task to work on Debian 11
- minifirewall: docker mode is configurable
Release 22.06.3 Stable
released this 2022-06-17 11:02:38 +02:00 | 535 commits to stable since this release
Changed
- evolinux-base: blacklist and do not install megaclisas-status package on incompatible servers
Release 22.06.2 Stable
released this 2022-06-10 11:14:38 +02:00 | 542 commits to stable since this release
Added
- postgresql: add variable to configure binding addresses (default: 127.0.0.1)
Changed
- evocheck: upstream release 22.06.2
- fail2ban: Give the possibility to override jail.local (with fail2ban_override_jaillocal)
- fail2ban: If jail.local was overridden, add a warning
- fail2ban: Allow to tune some jail settings (maxretry, bantime, findtime) with ansible
- fail2ban: Allow to tune the default action with ansible
- fail2ban: Change default action to ban only (instead of ban + mail with whois report)
- fail2ban: Configure recidive jail (off by default) + extend dbpurgeage
- redis: binding is possible on multiple interfaces (breaking change)
Fixed
- Enforce String notation for mode
- postgresql: fix nested loop for Munin plugins
- postgresql: Fix task order when using pgdg repo
- postgresql: Install the right pg version