Releases

  • Version 10.2.0

    jlecour 1 month ago 0 commits to stable since this release

    Added

    • evoacme: remount /usr if necessary
    • evolinux-base: swappiness is customizable
    • evolinux-base: install wget
    • tomcat: root directory owner/group are configurable

    Changed

    • Change default public SSH/SFTP port from 2222 to 22222

    Fixed

    • certbot: an empty change shouldn’t raise an exception
    • certbot: fix “no-self-upgrade” option

    Removed

    • evoacme: remove Debian 9 support
     
  • Version 10.1.0

    jlecour 2 months ago 104 commits to stable since this release

    Added

    • certbot: detect HAProxy cert directory
    • filebeat: allow using a template
    • generate-ldif: add NVMe disk support
    • haproxy: add deny_ips file to reject connections
    • haproxy: add some comments to default config
    • haproxy: enable stats frontend with access lists
    • haproxy: preconfigure SSL with defaults
    • lxc-php: Don’t disable putenv() by default in PHP settings
    • lxc-php: Install php-sqlite by default
    • metricbeat: allow using a template
    • mysql: activate binary logs by specifying log_bin path
    • mysql: option to define as read only
    • mysql: specify a custom server_id
    • nagios-nrpe/evolinux-base: brand new check for hardware raid on HP servers gen 10
    • nginx: make default vhost configurable
    • packweb-apache: Install zip & unzip by default
    • php: Don’t disable putenv() by default in PHP settings
    • php: Install php-sqlite by default

    Changed

    • certbot: fix haproxy hook (ssl cert directory detection)
    • certbot: install certbot dependencies non-interactively for jessie
    • elasticsearch: configure cluster with seed hosts and initial masters
    • elasticsearch: set tmpdir before datadir
    • evoacme: read values from environment before defaults file
    • evoacme: update for new certbot role
    • evoacme: upstream release 20.08
    • haproxy: adapt backports installed package list to distibution
    • haproxy: chroot and socket path are configurable
    • haproxy: deport SSL tuning to Mozilla SSL generator
    • haproxy: rotate logs with date extension and immediate compression
    • haproxy: split stats variables
    • lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
    • mongodb: install custom munin plugins
    • nginx: read server-status values before changing the config
    • packweb-apache: Don’t turn on mod-evasive emails by default
    • redis: create sudoers file if missing
    • redis: new syntax for match filter
    • redis: raise an error is port 6379 is used in “instance” mode

    Fixed

    • certbot: restore compatibility with old Nginx
    • evobackup-client: fixed the ssh connection test
    • generate-ldif: better detection of computerOS field
    • generate-ldif: skip some odd ethernet devices
    • lxc-php: Install opensmtpd as intended
    • mongodb: fix logrotate patterm on Debian buster
    • nagios-nrpe: check_amavis: updated regex
    • squid: better regex to match sa-update domains
    • varnish: fix start command when multiple addresses are present
     
  • Version 10.0.0

    jlecour 5 months ago 193 commits to stable since this release

    Added

    • apache: the default VHost doesn’t redirect to https for “.well-known” paths
    • apt: added buster backports prerferences
    • apt: check if cron is installed before adding a cron job
    • apt: remove jessie/buster sources from Gandi servers
    • apt: verify that /etc/evolinux is present
    • certbot : new role to install and configure certbot
    • etc-git: add versioning for /usr/share/scripts on Debian 10+
    • evoacme: upstream version 19.11
    • evolinux-base: default value for “evolinux_ssh_group”
    • evolinux-base: install /sbin/deny
    • evolinux-base: install Evocheck (default: True)
    • evolinux-base: on debian 10 and later, add noexec on /dev/shm
    • evolinux-base: on debian 10 and later, add /usr/share/scripts in root’s PATH
    • evolinux-base: remove the chrony package
    • evomaintenance: don’t configure firewall for database if not necessary
    • generate-ldif: support MariaDB 10.3
    • haproxy: add a variable to keep the existing configuration
    • java: add Java 11 as possible version to install
    • listupgrade: install old-kernel-autoremoval script
    • minifirewall: add a variable to force the check scripts update
    • mongodb: mongodb: compatibility with Debian 10
    • mysql-oracle: backport tasks from mysql role
    • mysql: activate binary logs by specifying log_bin path
    • mysql: specify a custom server_id
    • networkd-to-ifconfig: add variables for configuration by variables
    • packweb-apache: Deploy opcache.php to give some insights on PHP’s opcache status
    • php: variable to install the mysqlnd module instead of the default mysql module
    • postgresql : variable to install PostGIS (default: False)
    • redis: rewrite of the role (separate instances, better systemd units…)
    • webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
    • webapps/evoadmin-web Overload templates if needed
    • evolinux-base: install ssacli for HP Smart Array
    • evobackup-client role to configure a machine for backups with bkctld(8)
    • bind: enable query logging for recursive resolvers
    • bind: enable logrotate for recursive resolvers
    • bind: enable bind9 munin plugin for recursive resolvers

    Changed

    • replace version_compare() with version()s
    • removed some deprecations for Ansible 2.7
    • apache: improve permissions in save_apache_status script
    • apt: hold packages only if package is installed
    • bind: the munin task was present, but not included
    • bind: change name of logrotate file to bind9
    • certbot: commit hook must be executed at the end
    • elasticsearch: listen on local interface only by default
    • evocheck: upstream version 20.04.4
    • evocheck: cron jobs execute in verbose
    • evolinux-base: use “evolinux_internal_group” for SSH authentication
    • evolinux-base: Don’t customize the logcheck recipient by default.
    • evolinux-base: configure cciss-vol-statusd in the proper file
    • evomaintenance: upstream release 0.6.3
    • evomaintenance: Turn on API by default (instead of DB)
    • evomaintenance: install PG dependencies only when needed
    • listupgrade: update from upstream
    • lxc: rely on lxc_container module instead of command module
    • lxc: remove useless loop in apt execution
    • lxc: update our default template to be compatible with Debian 10
    • lxc-php: refactor tasks for better maintainability
    • lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
    • lxc-solr: changed default Solr version to 8.4.1
    • minifirewall: better alert5 activation
    • minifirewall: no http filtering by default
    • minifirewall: /bin/true command doesn’t report “changed” anymore
    • nagios-nrpe: update check_redis_instances (same as redis role)
    • nagios-nrpe: change default haproxy socket path
    • nagios-nrpe: check_mode per cpu dynamically
    • nodejs: change default version to 12 (new LTS)
    • packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
    • php: By default, allow 128M for OpCache (instead of 64M)
    • php: Don’t set a chroot for the default fpm pool
    • php: Make sure the default pool we define can be fully functionnal witout debian’s default pool file
    • php: Change the default pool names to something more explicit (and same for the variables names)
    • php: Add a task to remove Debian’s default FPM pool file (off by default)
    • php: Cleanup CLI Settings. Also, allow url fopen and don’t disable functions (in CLI only)
    • postgresql : changed logrotate config to 10 days (and fixed permissions)
    • rbenv: changed default Ruby version to 2.7.0
    • squid: Remove wait time when we turn off squid
    • squid: compatibility wit Debian 10
    • tomcat: package version derived from Debian version if missing
    • varnish: remove custom ExecReload= script for Debian 10+

    Fixed

    • etc-git: fix warnings ansible-lint
    • evoadmin-web: Put the php config at the right place for Buster
    • lxc: Don’t stop the container if it already exists
    • lxc: Fix container existance check to be able to run in check_mode
    • lxc-php: Don’t remove the default pool
    • minifirewall: fix warnings ansible-lint
    • nginx: fix munin fcgi not working (missing chmod 660 on logs)
    • php: add missing handler for php7.3-fpm
    • roundcube: fix typo for roundcube vhost
    • tomcat: fix typo for default tomcat_version
    • evolinux-base: Fix our zsyslog rotate config that doesn’t work on Debian 10
    • certbot: Properly evaluate when apache is installed
    • evolinux-base: Don’t make alert5.service executable as systemd will complain
    • webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
    • minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
    • minifirewall: Properly detect alert5.sh to turn on firewall at boot
    • packweb-apache: Add missing dependency to evoacme role
    • php: Chose the debian version repo archive for packages.sury.org
    • php: update surry_post.yml to match current latest PHP release
    • packweb-apache: Don’t try to install PHPMyAdmin on Buster as it’s not available

    Removed

    • clamav : do not install the zoo package anymore
     
  • Version 9.10.1

    jlecour 1 year ago 515 commits to stable since this release

    Changed

    • evocheck : update (version 19.06) from upstream
     
  • Version 9.10.0

    jlecour 1 year ago 518 commits to stable since this release

    Added

    • apache: add server status suffix in VHost (and default site) if missing
    • apache: add a variable to customize the server-status host
    • apt: add a script to manage packages with “hold” mark
    • etc-git: gitignore /etc/letsencrypt/.certbot.lock
    • evolinux-base: install “spectre-meltdown-checker” (Debian 10 and later)
    • evomaintenance: make hooks configurable
    • nginx: add server status suffix in VHost (and default site) if missing
    • redmine: enable gzip compression in nginx vhost

    Changed

    • evocheck : update (unreleased) from upstream
    • evomaintenance : use the web API instead of PG Insert
    • fluentd: store gpg key locally
    • rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.6.3
    • redmine: update default version to 4.0.3
    • nagios-nrpe: change required status code for http and https check
    • redmine: use custom errors-pages in Nginx vhost
    • nagios-nrpe: check_load is now based on ansible_processor_vcpus
    • php: Stop enforcing /var/www/html as chroot while we use /var/www
    • apt: Add Debian Buster repositories

    Fixed

    • rbenv: add check_mode for check rbenv and ruby versions
    • nagios-nrpe: fix redis_instances check when Redis port equal 0
    • redmine: fix 500 error on logging
    • evolinux-base: Validate sshd config with “-t” instead of “-T”
    • evolinux-base: Ensure rename is present
    • evolinux-users: Validate sshd config with “-t” instead of “-T”
    • nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
     
  • Version 9.9.0

    jlecour 1 year ago 587 commits to stable since this release

    Added

    • evocheck : add “x-frame-options: sameorigin” for Munin
    • etc-git: ignore evobackup/.keep-* files
    • lxc: /home is mounted in the container by default

    Changed

    • changed remote repository to https://gitea.evolix.org/evolix/ansible-roles
    • apt: Ensure jessie-backport from archives.debian.org is accepted
    • apt: Remove jessie-update suite as it’s no longer exists
    • apt: Replace mirror.evolix.org by archives.debian.org for jessie-backport
    • evocheck : update script from upstream
    • evolinux-base: remove apt-listchanges on Stretch and later
    • evomaintenance: embed version 0.5.0
    • opendkim: aligning roles with our conventions, major changes in opendkim-add.sh
    • redis: higher limit of open files
    • redis: set variables on inclusion, not with set_facts
    • tomcat: better tomcat version management
    • webapps/evoadmin-web: add dbadmin.sh to sudoers file

    Fixed

    • spamassasin: fix sa-update.sh and ensure service is started and enabled
    • tomcat-instance: deploy correct version of config files
    • tomcat-instance: deploy correct version of server.xml
     
  • 1 year ago
  • 1 year ago
  • 1 year ago
  • 1 year ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 2 years ago
  • 3 years ago
  • 3 years ago