Releases

  • Version 10.0.0

    jlecour 2 weeks ago 0 commits to stable since this release

    Added

    • apache: the default VHost doesn't redirect to https for “.well-known” paths
    • apt: added buster backports prerferences
    • apt: check if cron is installed before adding a cron job
    • apt: remove jessie/buster sources from Gandi servers
    • apt: verify that /etc/evolinux is present
    • certbot : new role to install and configure certbot
    • etc-git: add versioning for /usr/share/scripts on Debian 10+
    • evoacme: upstream version 19.11
    • evolinux-base: default value for “evolinux_ssh_group”
    • evolinux-base: install /sbin/deny
    • evolinux-base: install Evocheck (default: True)
    • evolinux-base: on debian 10 and later, add noexec on /dev/shm
    • evolinux-base: on debian 10 and later, add /usr/share/scripts in root's PATH
    • evolinux-base: remove the chrony package
    • evomaintenance: don't configure firewall for database if not necessary
    • generate-ldif: support MariaDB 10.3
    • haproxy: add a variable to keep the existing configuration
    • java: add Java 11 as possible version to install
    • listupgrade: install old-kernel-autoremoval script
    • minifirewall: add a variable to force the check scripts update
    • mongodb: mongodb: compatibility with Debian 10
    • mysql-oracle: backport tasks from mysql role
    • mysql: activate binary logs by specifying log_bin path
    • mysql: specify a custom server_id
    • networkd-to-ifconfig: add variables for configuration by variables
    • packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
    • php: variable to install the mysqlnd module instead of the default mysql module
    • postgresql : variable to install PostGIS (default: False)
    • redis: rewrite of the role (separate instances, better systemd units…)
    • webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
    • webapps/evoadmin-web Overload templates if needed
    • evolinux-base: install ssacli for HP Smart Array
    • evobackup-client role to configure a machine for backups with bkctld(8)
    • bind: enable query logging for recursive resolvers
    • bind: enable logrotate for recursive resolvers
    • bind: enable bind9 munin plugin for recursive resolvers

    Changed

    • replace version_compare() with version()s
    • removed some deprecations for Ansible 2.7
    • apache: improve permissions in save_apache_status script
    • apt: hold packages only if package is installed
    • bind: the munin task was present, but not included
    • bind: change name of logrotate file to bind9
    • certbot: commit hook must be executed at the end
    • elasticsearch: listen on local interface only by default
    • evocheck: upstream version 20.04.4
    • evocheck: cron jobs execute in verbose
    • evolinux-base: use “evolinux_internal_group” for SSH authentication
    • evolinux-base: Don't customize the logcheck recipient by default.
    • evolinux-base: configure cciss-vol-statusd in the proper file
    • evomaintenance: upstream release 0.6.3
    • evomaintenance: Turn on API by default (instead of DB)
    • evomaintenance: install PG dependencies only when needed
    • listupgrade: update from upstream
    • lxc: rely on lxc_container module instead of command module
    • lxc: remove useless loop in apt execution
    • lxc: update our default template to be compatible with Debian 10
    • lxc-php: refactor tasks for better maintainability
    • lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
    • lxc-solr: changed default Solr version to 8.4.1
    • minifirewall: better alert5 activation
    • minifirewall: no http filtering by default
    • minifirewall: /bin/true command doesn't report “changed” anymore
    • nagios-nrpe: update check_redis_instances (same as redis role)
    • nagios-nrpe: change default haproxy socket path
    • nagios-nrpe: check_mode per cpu dynamically
    • nodejs: change default version to 12 (new LTS)
    • packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
    • php: By default, allow 128M for OpCache (instead of 64M)
    • php: Don't set a chroot for the default fpm pool
    • php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
    • php: Change the default pool names to something more explicit (and same for the variables names)
    • php: Add a task to remove Debian's default FPM pool file (off by default)
    • php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
    • postgresql : changed logrotate config to 10 days (and fixed permissions)
    • rbenv: changed default Ruby version to 2.7.0
    • squid: Remove wait time when we turn off squid
    • squid: compatibility wit Debian 10
    • tomcat: package version derived from Debian version if missing
    • varnish: remove custom ExecReload= script for Debian 10+

    Fixed

    • etc-git: fix warnings ansible-lint
    • evoadmin-web: Put the php config at the right place for Buster
    • lxc: Don't stop the container if it already exists
    • lxc: Fix container existance check to be able to run in check_mode
    • lxc-php: Don't remove the default pool
    • minifirewall: fix warnings ansible-lint
    • nginx: fix munin fcgi not working (missing chmod 660 on logs)
    • php: add missing handler for php7.3-fpm
    • roundcube: fix typo for roundcube vhost
    • tomcat: fix typo for default tomcat_version
    • evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
    • certbot: Properly evaluate when apache is installed
    • evolinux-base: Don't make alert5.service executable as systemd will complain
    • webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
    • minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
    • minifirewall: Properly detect alert5.sh to turn on firewall at boot
    • packweb-apache: Add missing dependency to evoacme role
    • php: Chose the debian version repo archive for packages.sury.org
    • php: update surry_post.yml to match current latest PHP release
    • packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available

    Removed

    • clamav : do not install the zoo package anymore
     
  • Version 9.10.1

    jlecour 11 months ago 322 commits to stable since this release

    Changed

    • evocheck : update (version 19.06) from upstream
     
  • Version 9.10.0

    jlecour 11 months ago 325 commits to stable since this release

    Added

    • apache: add server status suffix in VHost (and default site) if missing
    • apache: add a variable to customize the server-status host
    • apt: add a script to manage packages with “hold” mark
    • etc-git: gitignore /etc/letsencrypt/.certbot.lock
    • evolinux-base: install “spectre-meltdown-checker” (Debian 10 and later)
    • evomaintenance: make hooks configurable
    • nginx: add server status suffix in VHost (and default site) if missing
    • redmine: enable gzip compression in nginx vhost

    Changed

    • evocheck : update (unreleased) from upstream
    • evomaintenance : use the web API instead of PG Insert
    • fluentd: store gpg key locally
    • rbenv: update defaults rbenv version to 1.1.2 and ruby version to 2.6.3
    • redmine: update default version to 4.0.3
    • nagios-nrpe: change required status code for http and https check
    • redmine: use custom errors-pages in Nginx vhost
    • nagios-nrpe: check_load is now based on ansible_processor_vcpus
    • php: Stop enforcing /var/www/html as chroot while we use /var/www
    • apt: Add Debian Buster repositories

    Fixed

    • rbenv: add check_mode for check rbenv and ruby versions
    • nagios-nrpe: fix redis_instances check when Redis port equal 0
    • redmine: fix 500 error on logging
    • evolinux-base: Validate sshd config with “-t” instead of “-T”
    • evolinux-base: Ensure rename is present
    • evolinux-users: Validate sshd config with “-t” instead of “-T”
    • nagios-nrpe: Replace the dummy packages nagios-plugins-* with monitoring-plugins-*
     
  • Version 9.9.0

    jlecour 1 year ago 394 commits to stable since this release

    Added

    • evocheck : add “x-frame-options: sameorigin” for Munin
    • etc-git: ignore evobackup/.keep-* files
    • lxc: /home is mounted in the container by default

    Changed

    • changed remote repository to https://gitea.evolix.org/evolix/ansible-roles
    • apt: Ensure jessie-backport from archives.debian.org is accepted
    • apt: Remove jessie-update suite as it's no longer exists
    • apt: Replace mirror.evolix.org by archives.debian.org for jessie-backport
    • evocheck : update script from upstream
    • evolinux-base: remove apt-listchanges on Stretch and later
    • evomaintenance: embed version 0.5.0
    • opendkim: aligning roles with our conventions, major changes in opendkim-add.sh
    • redis: higher limit of open files
    • redis: set variables on inclusion, not with set_facts
    • tomcat: better tomcat version management
    • webapps/evoadmin-web: add dbadmin.sh to sudoers file

    Fixed

    • spamassasin: fix sa-update.sh and ensure service is started and enabled
    • tomcat-instance: deploy correct version of config files
    • tomcat-instance: deploy correct version of server.xml
     
  • 1 year ago
  • 1 year ago
  • 1 year ago
  • 1 year ago
  • 1 year ago
  • 1 year ago