• Stable 22.05.1 40546d077a

    Release 22.05.1

    jlecour released this 2 weeks ago | 0 commits to stable since this release

    Added

    • docker : Introduce new default settings + allow to change the docker data directory
    • docker : Introduce new variables to tweak daemon settings

    Changed

    • evocheck: upstream release 22.05

    Removed

    • docker : Removed Debian Jessie support
    Downloads
     
  • Stable 22.05 c273117c5f

    Release 22.05

    jlecour released this 2 weeks ago | 8 commits to stable since this release

    Added

    • etc-git: use "ansible-commit" to efficiently commit all available repositories (including /etc inside LXC) from Ansible
    • minifirewall: compatibility with "legacy" version of minifirewall
    • minifirewall: configure proxy/backup/sysctl values
    • munin: Add possibility to install local plugins, and install dhcp_pool plugin
    • nagios-nrpe: Add a check dhcp_pool
    • redis: Activate overcommit sysctl
    • redis: Add log2mail user to redis group

    Changed

    • dump-server-state: upstream release 22.04.3
    • evocheck: upstream release 22.04.1
    • evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
    • evolinux-base: rename backup-server-state to dump-server-state
    • generate-ldif: Add services check for bkctld
    • minifirewall: restore "force-restart" and fix "restart-if-needed"
    • minifirewall: tail template follows symlinks
    • minifirewall: upstream release 22.05
    • opendkim : add generate opendkim-genkey in sha256 and key 4096
    • openvpn: use a local copy of files instead of cloning an external git repository
    • openvpn: use a subnet topology instead of the net30 default topology
    • tomcat: Tomcat 9 by default with Debian 11
    • vrrpd: Store sysctl values in specific file

    Fixed

    • etc-git : Remount /usr in rw for git gc in in /usr/share/scripts/
    • etc-git: Make evocommit fully compatible with OpenBSD
    • generate-ldif: Correct generated entries for php-fpm in containers
    • keepalived: repair broken role
    • minifirewall: fix failed_when condition on restart
    • postfix: Do not send mails through milters a second time after amavis (in packmail)
    • redis: Remount /usr with RW before adding nagios plugin
    Downloads
     
  • Stable 22.03 d7d58bf158

    Release 22.03

    jlecour released this 3 months ago | 92 commits to stable since this release

    Added

    • apt: apt_hold_packages: broadcast message with wall, if present
    • evolinux-base: option to bypass raid-related tasks
    • Explicit permissions for systemd overrides
    • generate-ldif: Add support for php-fpm in containers
    • kvm-host: add missing default value
    • lxc-php: preliminary support for PHP 8.1 container
    • openvpn: now check that openvpn has been restarted since last certificates renewal
    • redis: always install check_redis_instances
    • redis: check_redis_instances tolerates absence of instances

    Changed

    • elasticsearch: Use /etc/elasticsearch/jvm.options.d/evolinux instead of default /etc/elasticsearch/jvm.options
    • evolinux-users: check permissions for /etc/sudoers.d
    • evolinux-users: optimize sudo configuration
    • lxc: Fail if /var is nosuid
    • openvpn: make it compatible with OpenBSD and add some improvements
    Downloads
     
  • Stable 22.01.3 25563ee0f0

    Release 22.01.3

    jlecour released this 4 months ago | 116 commits to stable since this release

    Changed

    • rbenv: install Ruby 3.1.0 by default
    • evolinux-base: backup-server-state: add "force" mode

    Fixed

    • evolinux-base: backup-server-state: fix systemctl invocation
    Downloads
     
  • Stable 22.01.2 359719d0d0

    Release 22.01.2

    jlecour released this 4 months ago | 123 commits to stable since this release

    Changed

    • evolinux-base: many improvements for backup-server-state script
    • remount-usr: use findmnt to find if usr is a readonly partition
    Downloads
     
  • Stable 22.01 2c6a3601de

    Release 22.01

    jlecour released this 4 months ago | 132 commits to stable since this release

    Added

    • Support for Debian 11 « Bullseye » (with possible remaining blind spots)
    • apache: new variable for MPM mode (+ updated default config accordingly)
    • apache: prevent accessing Git or "env" related files
    • certbot: add script for manual deploy hooks execution
    • docker-host: install additional dependencies
    • dovecot: switch to TLS 1.2+ and external DH params
    • etc-git: centralize cron jobs in dedicated crontab
    • etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
    • evolinux-base: add script backup-server-state
    • evolinux-base: configure top and htop to display the swap column
    • evolinux-base: install molly-guard by default
    • generate-ldif: detect RAID controller
    • generate-ldif: detect mdadm
    • listupgrade: crontab is configurable
    • logstash: logging to syslog is configurable (default: True)
    • mongodb: create munin plugins directory if missing
    • munin: systemd override to unprotect home directory
    • mysql: add evomariabackup 21.11
    • mysql: improve Bullseye compatibility
    • mysql: script "mysql_connections" to display a compact list of connections
    • mysql: script "mysql-queries-killer.sh" to kill MySQL queries
    • nagios-nrpe + evolinux-users: new check for ipmi
    • nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
    • nagios-nrpe + evolinux-users: new checks for bkctld
    • nagios-nrpe: new check influxdb
    • openvpn: new role (beta)
    • redis: instance service for Debian 11
    • squid: add *.o.lencr.org to default whitelist

    Changed

    • Change version pattern
    • Install python 2 or 3 libraries according to running python version
    • Remove embedded GPG keys only if legacy keyring is present
    • apt: remove workaround for Evolix public repositories with Debian 11
    • apt: upgrade packages after all the configuration is done
    • apt: use the new security repository for Bullseye
    • certbot: silence letsencrypt deprecation warnings
    • elasticsearch: elastic_stack_version = 7.x
    • evoacme: exclude renewal-hooks directory from cron
    • evoadmin-web: simpler PHP packages lists
    • evocheck: upstream release 21.10.4
    • evolinux-base: alert5 comes after the network
    • evolinux-base: force Debian version to buster for Evolix repository (temporary)
    • evolinux-base: install freeipmi by default on dedicated hw
    • evolinux-base: logs are rotated with dateext by default
    • evolinux-base: split dpkg logrotate configuration
    • evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
    • evomaintenance: extract a config.yml tasks file
    • evomaintenance: upstream release 22.01
    • filebeat/metricbeat: elastic_stack_version = 7.x
    • kibana: elastic_stack_version = 7.x
    • listupgrade: old-kernel-removal version 21.10
    • listupgrade: upstream release 21.06.3
    • logstash: elastic_stack_version = 7.x
    • mongodb: Allow to specify a mongodb version for buster & bullseye
    • mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
    • mongodb: Support version 5.0 (for buster)
    • mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
    • nodejs: default to version 16 LTS
    • php: enforce Debian version with assert instead of fail
    • squid: improve default whitelist (more specific patterns)
    • squid: must be started in foreground mode for systemd
    • squid: remove obsolete variable on Squid 4

    Fixed

    • evolinux-base: fix alert5.service dependency syntax
    • certbot: sync_remote excludes itself
    • lxc-php: fix config for opensmtpd on bullseye containers
    • mysql : Create a default ~root/.my.cnf for compatibility reasons
    • nginx : fix variable name and debug to actually use nginx-light
    • packweb-apache : Support php 8.0
    • nagios-nrpe: Fix check_nfsserver for buster and bullseye

    Removed

    • evocheck: package install is not supported anymore
    • logstash: no more dependency on Java
    • php: remove php-gettext for 7.4
    Downloads
     
  • Stable 10.6.0 1b8de7c524

    Release 10.6.0

    jlecour released this 11 months ago | 322 commits to stable since this release

    Added

    • Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
    • apache: new variable for mpm mode (+ updated default config accordingly)
    • evolinux-base: add default motd template
    • kvm-host: add migrate-vm script
    • mysql: variable to disable myadd script overwrite (default: True)
    • nodejs: update apt cache before installing the package
    • squid: add Yarn apt repository in default whitelist

    Changed

    • Update Galaxy metadata (company, platforms and galaxy_tags)
    • Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
    • Use Ansible syntax used in Ansible 2.8+
    • apt: store keys in /etc/apt/trusted.gpg.d in ascii format
    • certbot: sync_remote.sh is configurable
    • evolinux-base: copy GPG key instead of using apt-key
    • evomaintenance: upstream release 0.6.4
    • kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
    • listupgrade: upstream release 21.06.2
    • nodejs: change GPG key name
    • ntpd: Add leapfile configuration setting to ntpd on debian 10+
    • packweb-apache: install phpMyAdmin from buster-backports
    • spamassassin: change dependency on evomaintenance
    • squid: remove obsolete variable on Squid 4

    Fixed

    • add default (useless) value for file lookup (first_found)
    • fix pipefail option for shell invocations
    • elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
    • evolinux-base: fix motd lookup path
    • ldap: fix edge cases where passwords were not set/get properly
    • listupgrade: fix wget error + shellcheck cleanup

    Removed

    • elasticsearch: recent versiond don't depend on external JRE
    Downloads
     
  • Stable 10.5.1 2f4b5b9448

    Release 10.5.1

    jlecour released this 1 year ago | 410 commits to stable since this release

    Added

    • haproxy: dedicated internal address/binding (without SSL)

    Changed

    • etc-git: commit in /usr/share/scripts when there's an active repository
    Downloads
     
  • Stable 10.5.0 c85864a6a5

    Release 10.5.0

    jlecour released this 1 year ago | 414 commits to stable since this release

    Added

    • apache: new variables for logrotate + server-status
    • filebeat: package can be upgraded to latest (default: False)
    • haproxy: possible admin access with login/pass
    • lxc-php: Add PHP 7.4 support
    • metricbeat: package can be upgraded to latest (default: False)
    • metricbeat: new variables to configure SSL mode
    • nagios-nrpe: new script check_phpfpm_multi
    • nginx: add access to server status on default VHost
    • postfix: add smtpd_relay_restrictions in configuration

    Changed

    • apache: rotate logs daily instead of weekly
    • apache: deny requests to ^/evolinux_fpm_status-.*
    • certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
    • certbot: use the legacy script on Debian 8 and 9
    • elasticsearch: log rotation is more readable/maintainable
    • evoacme: upstream release 21.01
    • evolinux-users: Add sudo rights for nagios for multi-php lxc
    • listupgrade: update script from upstream
    • minifirewall: change some defaults
    • nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
    • redis: use /run instead or /var/run
    • redis: escape password in Munin configuration

    Fixed

    • bind9: added log files to apparmor definition so bind can run
    • filebeat: fix Ansible syntax error
    • nagios-nrpe: libfcgi-client-perl is not available before Debian 10
    • redis: socket/pid directories have the correct permissions

    Removed

    • nginx: no more "minimal" mode, but the package remains customizable.
    Downloads
     
  • Stable 10.4.0 6e7acd1abd

    Release 10.4.0

    jlecour released this 1 year ago | 461 commits to stable since this release

    Added

    • certbot: detect domains if missing
    • certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
    • varnish: variable for jail configuration

    Changed

    • certbot: disable auth for Let's Encrypt challenge
    • nginx: change from "nginx_status-XXX" to "server-status-XXX"
    Downloads