• 22.01.3 25563ee0f0

    jlecour released this 2022-01-31 11:58:46 +01:00 | 949 commits to stable since this release

    Changed

    • rbenv: install Ruby 3.1.0 by default
    • evolinux-base: backup-server-state: add "force" mode

    Fixed

    • evolinux-base: backup-server-state: fix systemctl invocation
    Downloads
  • 22.01.2 359719d0d0

    jlecour released this 2022-01-27 14:15:00 +01:00 | 956 commits to stable since this release

    Changed

    • evolinux-base: many improvements for backup-server-state script
    • remount-usr: use findmnt to find if usr is a readonly partition
    Downloads
  • 22.01 2c6a3601de

    Release 22.01 Stable

    jlecour released this 2022-01-25 18:31:11 +01:00 | 965 commits to stable since this release

    Added

    • Support for Debian 11 « Bullseye » (with possible remaining blind spots)
    • apache: new variable for MPM mode (+ updated default config accordingly)
    • apache: prevent accessing Git or "env" related files
    • certbot: add script for manual deploy hooks execution
    • docker-host: install additional dependencies
    • dovecot: switch to TLS 1.2+ and external DH params
    • etc-git: centralize cron jobs in dedicated crontab
    • etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
    • evolinux-base: add script backup-server-state
    • evolinux-base: configure top and htop to display the swap column
    • evolinux-base: install molly-guard by default
    • generate-ldif: detect RAID controller
    • generate-ldif: detect mdadm
    • listupgrade: crontab is configurable
    • logstash: logging to syslog is configurable (default: True)
    • mongodb: create munin plugins directory if missing
    • munin: systemd override to unprotect home directory
    • mysql: add evomariabackup 21.11
    • mysql: improve Bullseye compatibility
    • mysql: script "mysql_connections" to display a compact list of connections
    • mysql: script "mysql-queries-killer.sh" to kill MySQL queries
    • nagios-nrpe + evolinux-users: new check for ipmi
    • nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
    • nagios-nrpe + evolinux-users: new checks for bkctld
    • nagios-nrpe: new check influxdb
    • openvpn: new role (beta)
    • redis: instance service for Debian 11
    • squid: add *.o.lencr.org to default whitelist

    Changed

    • Change version pattern
    • Install python 2 or 3 libraries according to running python version
    • Remove embedded GPG keys only if legacy keyring is present
    • apt: remove workaround for Evolix public repositories with Debian 11
    • apt: upgrade packages after all the configuration is done
    • apt: use the new security repository for Bullseye
    • certbot: silence letsencrypt deprecation warnings
    • elasticsearch: elastic_stack_version = 7.x
    • evoacme: exclude renewal-hooks directory from cron
    • evoadmin-web: simpler PHP packages lists
    • evocheck: upstream release 21.10.4
    • evolinux-base: alert5 comes after the network
    • evolinux-base: force Debian version to buster for Evolix repository (temporary)
    • evolinux-base: install freeipmi by default on dedicated hw
    • evolinux-base: logs are rotated with dateext by default
    • evolinux-base: split dpkg logrotate configuration
    • evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
    • evomaintenance: extract a config.yml tasks file
    • evomaintenance: upstream release 22.01
    • filebeat/metricbeat: elastic_stack_version = 7.x
    • kibana: elastic_stack_version = 7.x
    • listupgrade: old-kernel-removal version 21.10
    • listupgrade: upstream release 21.06.3
    • logstash: elastic_stack_version = 7.x
    • mongodb: Allow to specify a mongodb version for buster & bullseye
    • mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
    • mongodb: Support version 5.0 (for buster)
    • mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
    • nodejs: default to version 16 LTS
    • php: enforce Debian version with assert instead of fail
    • squid: improve default whitelist (more specific patterns)
    • squid: must be started in foreground mode for systemd
    • squid: remove obsolete variable on Squid 4

    Fixed

    • evolinux-base: fix alert5.service dependency syntax
    • certbot: sync_remote excludes itself
    • lxc-php: fix config for opensmtpd on bullseye containers
    • mysql : Create a default ~root/.my.cnf for compatibility reasons
    • nginx : fix variable name and debug to actually use nginx-light
    • packweb-apache : Support php 8.0
    • nagios-nrpe: Fix check_nfsserver for buster and bullseye

    Removed

    • evocheck: package install is not supported anymore
    • logstash: no more dependency on Java
    • php: remove php-gettext for 7.4
    Downloads
  • 10.6.0 1b8de7c524

    jlecour released this 2021-06-28 16:05:18 +02:00 | 1155 commits to stable since this release

    Added

    • Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
    • apache: new variable for mpm mode (+ updated default config accordingly)
    • evolinux-base: add default motd template
    • kvm-host: add migrate-vm script
    • mysql: variable to disable myadd script overwrite (default: True)
    • nodejs: update apt cache before installing the package
    • squid: add Yarn apt repository in default whitelist

    Changed

    • Update Galaxy metadata (company, platforms and galaxy_tags)
    • Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
    • Use Ansible syntax used in Ansible 2.8+
    • apt: store keys in /etc/apt/trusted.gpg.d in ascii format
    • certbot: sync_remote.sh is configurable
    • evolinux-base: copy GPG key instead of using apt-key
    • evomaintenance: upstream release 0.6.4
    • kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
    • listupgrade: upstream release 21.06.2
    • nodejs: change GPG key name
    • ntpd: Add leapfile configuration setting to ntpd on debian 10+
    • packweb-apache: install phpMyAdmin from buster-backports
    • spamassassin: change dependency on evomaintenance
    • squid: remove obsolete variable on Squid 4

    Fixed

    • add default (useless) value for file lookup (first_found)
    • fix pipefail option for shell invocations
    • elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
    • evolinux-base: fix motd lookup path
    • ldap: fix edge cases where passwords were not set/get properly
    • listupgrade: fix wget error + shellcheck cleanup

    Removed

    • elasticsearch: recent versiond don't depend on external JRE
    Downloads
  • 10.5.1 2f4b5b9448

    jlecour released this 2021-04-13 15:57:53 +02:00 | 1243 commits to stable since this release

    Added

    • haproxy: dedicated internal address/binding (without SSL)

    Changed

    • etc-git: commit in /usr/share/scripts when there's an active repository
    Downloads
  • 10.5.0 c85864a6a5

    jlecour released this 2021-04-01 15:41:36 +02:00 | 1247 commits to stable since this release

    Added

    • apache: new variables for logrotate + server-status
    • filebeat: package can be upgraded to latest (default: False)
    • haproxy: possible admin access with login/pass
    • lxc-php: Add PHP 7.4 support
    • metricbeat: package can be upgraded to latest (default: False)
    • metricbeat: new variables to configure SSL mode
    • nagios-nrpe: new script check_phpfpm_multi
    • nginx: add access to server status on default VHost
    • postfix: add smtpd_relay_restrictions in configuration

    Changed

    • apache: rotate logs daily instead of weekly
    • apache: deny requests to ^/evolinux_fpm_status-.*
    • certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
    • certbot: use the legacy script on Debian 8 and 9
    • elasticsearch: log rotation is more readable/maintainable
    • evoacme: upstream release 21.01
    • evolinux-users: Add sudo rights for nagios for multi-php lxc
    • listupgrade: update script from upstream
    • minifirewall: change some defaults
    • nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
    • redis: use /run instead or /var/run
    • redis: escape password in Munin configuration

    Fixed

    • bind9: added log files to apparmor definition so bind can run
    • filebeat: fix Ansible syntax error
    • nagios-nrpe: libfcgi-client-perl is not available before Debian 10
    • redis: socket/pid directories have the correct permissions

    Removed

    • nginx: no more "minimal" mode, but the package remains customizable.
    Downloads
  • 10.4.0 6e7acd1abd

    jlecour released this 2020-12-24 14:02:51 +01:00 | 1294 commits to stable since this release

    Added

    • certbot: detect domains if missing
    • certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
    • varnish: variable for jail configuration

    Changed

    • certbot: disable auth for Let's Encrypt challenge
    • nginx: change from "nginx_status-XXX" to "server-status-XXX"
    Downloads
  • 10.3.0 03b91177b1

    jlecour released this 2020-12-21 16:13:11 +01:00 | 1306 commits to stable since this release

    Added

    • dovecot: Update munin plugin & configure it
    • dovecot: vmail uid/gid are configurable
    • evoacme: variable to disable Debian version check (default: False)
    • kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
    • minifirewall: upstream release 20.12
    • minifirewall: add variables to force upgrade the script and the config (default: False)
    • mysql: install save_mysql_processlist script
    • nextcloud: New role to setup a nextcloud instance
    • redis: variable to force use of port 6379 in instances mode
    • redis: check maxmemory in NRPE check
    • lxc-php: Allow php containers to contact local MySQL with localhost
    • varnish: config file name is configurable

    Changed

    • Create system users for vmail (dovecot) and evoadmin
    • apt: disable APT Periodic
    • evoacme: upstream release 20.12
    • evocheck: upstream release 20.12
    • evolinux-users: improve uid/login checks
    • tomcat-instance: fail if uid already exists
    • varnish: change template name for better readability
    • varnish: no threadpool delay by default
    • varnish: no custom reload script for Debian 10 and later

    Fixed

    • cerbot: parse HAProxy config file only if HAProxy is found
    Downloads
  • 10.2.0 f717c31acc

    jlecour released this 2020-09-17 14:14:13 +02:00 | 1358 commits to stable since this release

    Added

    • evoacme: remount /usr if necessary
    • evolinux-base: swappiness is customizable
    • evolinux-base: install wget
    • tomcat: root directory owner/group are configurable

    Changed

    • Change default public SSH/SFTP port from 2222 to 22222

    Fixed

    • certbot: an empty change shouldn't raise an exception
    • certbot: fix "no-self-upgrade" option

    Removed

    • evoacme: remove Debian 9 support
    Downloads
  • 10.1.0 8460938f35

    jlecour released this 2020-08-21 14:57:13 +02:00 | 1462 commits to stable since this release

    Added

    • certbot: detect HAProxy cert directory
    • filebeat: allow using a template
    • generate-ldif: add NVMe disk support
    • haproxy: add deny_ips file to reject connections
    • haproxy: add some comments to default config
    • haproxy: enable stats frontend with access lists
    • haproxy: preconfigure SSL with defaults
    • lxc-php: Don't disable putenv() by default in PHP settings
    • lxc-php: Install php-sqlite by default
    • metricbeat: allow using a template
    • mysql: activate binary logs by specifying log_bin path
    • mysql: option to define as read only
    • mysql: specify a custom server_id
    • nagios-nrpe/evolinux-base: brand new check for hardware raid on HP servers gen 10
    • nginx: make default vhost configurable
    • packweb-apache: Install zip & unzip by default
    • php: Don't disable putenv() by default in PHP settings
    • php: Install php-sqlite by default

    Changed

    • certbot: fix haproxy hook (ssl cert directory detection)
    • certbot: install certbot dependencies non-interactively for jessie
    • elasticsearch: configure cluster with seed hosts and initial masters
    • elasticsearch: set tmpdir before datadir
    • evoacme: read values from environment before defaults file
    • evoacme: update for new certbot role
    • evoacme: upstream release 20.08
    • haproxy: adapt backports installed package list to distibution
    • haproxy: chroot and socket path are configurable
    • haproxy: deport SSL tuning to Mozilla SSL generator
    • haproxy: rotate logs with date extension and immediate compression
    • haproxy: split stats variables
    • lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
    • mongodb: install custom munin plugins
    • nginx: read server-status values before changing the config
    • packweb-apache: Don't turn on mod-evasive emails by default
    • redis: create sudoers file if missing
    • redis: new syntax for match filter
    • redis: raise an error is port 6379 is used in "instance" mode

    Fixed

    • certbot: restore compatibility with old Nginx
    • evobackup-client: fixed the ssh connection test
    • generate-ldif: better detection of computerOS field
    • generate-ldif: skip some odd ethernet devices
    • lxc-php: Install opensmtpd as intended
    • mongodb: fix logrotate patterm on Debian buster
    • nagios-nrpe: check_amavis: updated regex
    • squid: better regex to match sa-update domains
    • varnish: fix start command when multiple addresses are present
    Downloads