Releases Tags
-
Release 22.05.1 Stable
jlecour released this 11 months ago | 361 commits to stable since this release
Added
- docker : Introduce new default settings + allow to change the docker data directory
- docker : Introduce new variables to tweak daemon settings
Changed
- evocheck: upstream release 22.05
Removed
- docker : Removed Debian Jessie support
Downloads
-
Release 22.05 Stable
Added
- etc-git: use "ansible-commit" to efficiently commit all available repositories (including /etc inside LXC) from Ansible
- minifirewall: compatibility with "legacy" version of minifirewall
- minifirewall: configure proxy/backup/sysctl values
- munin: Add possibility to install local plugins, and install dhcp_pool plugin
- nagios-nrpe: Add a check dhcp_pool
- redis: Activate overcommit sysctl
- redis: Add log2mail user to redis group
Changed
- dump-server-state: upstream release 22.04.3
- evocheck: upstream release 22.04.1
- evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
- evolinux-base: rename backup-server-state to dump-server-state
- generate-ldif: Add services check for bkctld
- minifirewall: restore "force-restart" and fix "restart-if-needed"
- minifirewall: tail template follows symlinks
- minifirewall: upstream release 22.05
- opendkim : add generate opendkim-genkey in sha256 and key 4096
- openvpn: use a local copy of files instead of cloning an external git repository
- openvpn: use a subnet topology instead of the net30 default topology
- tomcat: Tomcat 9 by default with Debian 11
- vrrpd: Store sysctl values in specific file
Fixed
- etc-git : Remount /usr in rw for git gc in in /usr/share/scripts/
- etc-git: Make evocommit fully compatible with OpenBSD
- generate-ldif: Correct generated entries for php-fpm in containers
- keepalived: repair broken role
- minifirewall: fix
failed_whencondition on restart - postfix: Do not send mails through milters a second time after amavis (in packmail)
- redis: Remount /usr with RW before adding nagios plugin
Downloads
-
Release 22.03 Stable
Added
- apt: apt_hold_packages: broadcast message with wall, if present
- evolinux-base: option to bypass raid-related tasks
- Explicit permissions for systemd overrides
- generate-ldif: Add support for php-fpm in containers
- kvm-host: add missing default value
- lxc-php: preliminary support for PHP 8.1 container
- openvpn: now check that openvpn has been restarted since last certificates renewal
- redis: always install check_redis_instances
- redis: check_redis_instances tolerates absence of instances
Changed
- elasticsearch: Use
/etc/elasticsearch/jvm.options.d/evolinuxinstead of default/etc/elasticsearch/jvm.options - evolinux-users: check permissions for /etc/sudoers.d
- evolinux-users: optimize sudo configuration
- lxc: Fail if /var is nosuid
- openvpn: make it compatible with OpenBSD and add some improvements
Downloads
-
Release 22.01.3 Stable
Changed
- rbenv: install Ruby 3.1.0 by default
- evolinux-base: backup-server-state: add "force" mode
Fixed
- evolinux-base: backup-server-state: fix systemctl invocation
Downloads
-
Release 22.01.2 Stable
Changed
- evolinux-base: many improvements for backup-server-state script
- remount-usr: use findmnt to find if usr is a readonly partition
Downloads
-
Release 22.01 Stable
Added
- Support for Debian 11 « Bullseye » (with possible remaining blind spots)
- apache: new variable for MPM mode (+ updated default config accordingly)
- apache: prevent accessing Git or "env" related files
- certbot: add script for manual deploy hooks execution
- docker-host: install additional dependencies
- dovecot: switch to TLS 1.2+ and external DH params
- etc-git: centralize cron jobs in dedicated crontab
- etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
- evolinux-base: add script backup-server-state
- evolinux-base: configure top and htop to display the swap column
- evolinux-base: install molly-guard by default
- generate-ldif: detect RAID controller
- generate-ldif: detect mdadm
- listupgrade: crontab is configurable
- logstash: logging to syslog is configurable (default: True)
- mongodb: create munin plugins directory if missing
- munin: systemd override to unprotect home directory
- mysql: add evomariabackup 21.11
- mysql: improve Bullseye compatibility
- mysql: script "mysql_connections" to display a compact list of connections
- mysql: script "mysql-queries-killer.sh" to kill MySQL queries
- nagios-nrpe + evolinux-users: new check for ipmi
- nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
- nagios-nrpe + evolinux-users: new checks for bkctld
- nagios-nrpe: new check influxdb
- openvpn: new role (beta)
- redis: instance service for Debian 11
- squid: add *.o.lencr.org to default whitelist
Changed
- Change version pattern
- Install python 2 or 3 libraries according to running python version
- Remove embedded GPG keys only if legacy keyring is present
- apt: remove workaround for Evolix public repositories with Debian 11
- apt: upgrade packages after all the configuration is done
- apt: use the new security repository for Bullseye
- certbot: silence letsencrypt deprecation warnings
- elasticsearch: elastic_stack_version = 7.x
- evoacme: exclude renewal-hooks directory from cron
- evoadmin-web: simpler PHP packages lists
- evocheck: upstream release 21.10.4
- evolinux-base: alert5 comes after the network
- evolinux-base: force Debian version to buster for Evolix repository (temporary)
- evolinux-base: install freeipmi by default on dedicated hw
- evolinux-base: logs are rotated with dateext by default
- evolinux-base: split dpkg logrotate configuration
- evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
- evomaintenance: extract a config.yml tasks file
- evomaintenance: upstream release 22.01
- filebeat/metricbeat: elastic_stack_version = 7.x
- kibana: elastic_stack_version = 7.x
- listupgrade: old-kernel-removal version 21.10
- listupgrade: upstream release 21.06.3
- logstash: elastic_stack_version = 7.x
- mongodb: Allow to specify a mongodb version for buster & bullseye
- mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
- mongodb: Support version 5.0 (for buster)
- mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
- nodejs: default to version 16 LTS
- php: enforce Debian version with assert instead of fail
- squid: improve default whitelist (more specific patterns)
- squid: must be started in foreground mode for systemd
- squid: remove obsolete variable on Squid 4
Fixed
- evolinux-base: fix alert5.service dependency syntax
- certbot: sync_remote excludes itself
- lxc-php: fix config for opensmtpd on bullseye containers
- mysql : Create a default ~root/.my.cnf for compatibility reasons
- nginx : fix variable name and debug to actually use nginx-light
- packweb-apache : Support php 8.0
- nagios-nrpe: Fix check_nfsserver for buster and bullseye
Removed
- evocheck: package install is not supported anymore
- logstash: no more dependency on Java
- php: remove php-gettext for 7.4
Downloads
-
Release 10.6.0 Stable
Added
- Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
- apache: new variable for mpm mode (+ updated default config accordingly)
- evolinux-base: add default motd template
- kvm-host: add migrate-vm script
- mysql: variable to disable myadd script overwrite (default: True)
- nodejs: update apt cache before installing the package
- squid: add Yarn apt repository in default whitelist
Changed
- Update Galaxy metadata (company, platforms and galaxy_tags)
- Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
- Use Ansible syntax used in Ansible 2.8+
- apt: store keys in /etc/apt/trusted.gpg.d in ascii format
- certbot: sync_remote.sh is configurable
- evolinux-base: copy GPG key instead of using apt-key
- evomaintenance: upstream release 0.6.4
- kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
- listupgrade: upstream release 21.06.2
- nodejs: change GPG key name
- ntpd: Add leapfile configuration setting to ntpd on debian 10+
- packweb-apache: install phpMyAdmin from buster-backports
- spamassassin: change dependency on evomaintenance
- squid: remove obsolete variable on Squid 4
Fixed
- add default (useless) value for file lookup (first_found)
- fix pipefail option for shell invocations
- elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
- evolinux-base: fix motd lookup path
- ldap: fix edge cases where passwords were not set/get properly
- listupgrade: fix wget error + shellcheck cleanup
Removed
- elasticsearch: recent versiond don't depend on external JRE
Downloads
-
Release 10.5.1 Stable
Added
- haproxy: dedicated internal address/binding (without SSL)
Changed
- etc-git: commit in /usr/share/scripts when there's an active repository
Downloads
-
Release 10.5.0 Stable
Added
- apache: new variables for logrotate + server-status
- filebeat: package can be upgraded to latest (default: False)
- haproxy: possible admin access with login/pass
- lxc-php: Add PHP 7.4 support
- metricbeat: package can be upgraded to latest (default: False)
- metricbeat: new variables to configure SSL mode
- nagios-nrpe: new script check_phpfpm_multi
- nginx: add access to server status on default VHost
- postfix: add smtpd_relay_restrictions in configuration
Changed
- apache: rotate logs daily instead of weekly
- apache: deny requests to ^/evolinux_fpm_status-.*
- certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
- certbot: use the legacy script on Debian 8 and 9
- elasticsearch: log rotation is more readable/maintainable
- evoacme: upstream release 21.01
- evolinux-users: Add sudo rights for nagios for multi-php lxc
- listupgrade: update script from upstream
- minifirewall: change some defaults
- nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
- redis: use /run instead or /var/run
- redis: escape password in Munin configuration
Fixed
- bind9: added log files to apparmor definition so bind can run
- filebeat: fix Ansible syntax error
- nagios-nrpe: libfcgi-client-perl is not available before Debian 10
- redis: socket/pid directories have the correct permissions
Removed
- nginx: no more "minimal" mode, but the package remains customizable.
Downloads
-
Release 10.4.0 Stable
Added
- certbot: detect domains if missing
- certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
- varnish: variable for jail configuration
Changed
- certbot: disable auth for Let's Encrypt challenge
- nginx: change from "nginx_status-XXX" to "server-status-XXX"
Downloads