-
Release 22.01 Stable
jlecour released this
2022-01-25 18:31:11 +01:00 | 902 commits to stable since this releaseAdded
- Support for Debian 11 « Bullseye » (with possible remaining blind spots)
- apache: new variable for MPM mode (+ updated default config accordingly)
- apache: prevent accessing Git or "env" related files
- certbot: add script for manual deploy hooks execution
- docker-host: install additional dependencies
- dovecot: switch to TLS 1.2+ and external DH params
- etc-git: centralize cron jobs in dedicated crontab
- etc-git: manage commits with an optimized shell script instead of many slow Ansible tasks
- evolinux-base: add script backup-server-state
- evolinux-base: configure top and htop to display the swap column
- evolinux-base: install molly-guard by default
- generate-ldif: detect RAID controller
- generate-ldif: detect mdadm
- listupgrade: crontab is configurable
- logstash: logging to syslog is configurable (default: True)
- mongodb: create munin plugins directory if missing
- munin: systemd override to unprotect home directory
- mysql: add evomariabackup 21.11
- mysql: improve Bullseye compatibility
- mysql: script "mysql_connections" to display a compact list of connections
- mysql: script "mysql-queries-killer.sh" to kill MySQL queries
- nagios-nrpe + evolinux-users: new check for ipmi
- nagios-nrpe + evolinux-users: new check for RAID (soft + hard)
- nagios-nrpe + evolinux-users: new checks for bkctld
- nagios-nrpe: new check influxdb
- openvpn: new role (beta)
- redis: instance service for Debian 11
- squid: add *.o.lencr.org to default whitelist
Changed
- Change version pattern
- Install python 2 or 3 libraries according to running python version
- Remove embedded GPG keys only if legacy keyring is present
- apt: remove workaround for Evolix public repositories with Debian 11
- apt: upgrade packages after all the configuration is done
- apt: use the new security repository for Bullseye
- certbot: silence letsencrypt deprecation warnings
- elasticsearch: elastic_stack_version = 7.x
- evoacme: exclude renewal-hooks directory from cron
- evoadmin-web: simpler PHP packages lists
- evocheck: upstream release 21.10.4
- evolinux-base: alert5 comes after the network
- evolinux-base: force Debian version to buster for Evolix repository (temporary)
- evolinux-base: install freeipmi by default on dedicated hw
- evolinux-base: logs are rotated with dateext by default
- evolinux-base: split dpkg logrotate configuration
- evolinux-users + nagios-nrpe: Add support for php-fpm80 in lxc
- evomaintenance: extract a config.yml tasks file
- evomaintenance: upstream release 22.01
- filebeat/metricbeat: elastic_stack_version = 7.x
- kibana: elastic_stack_version = 7.x
- listupgrade: old-kernel-removal version 21.10
- listupgrade: upstream release 21.06.3
- logstash: elastic_stack_version = 7.x
- mongodb: Allow to specify a mongodb version for buster & bullseye
- mongodb: Deny the install on Debian 11 « Bullseye » when the version is unsupported
- mongodb: Support version 5.0 (for buster)
- mysql: use python3 and mariadb-client-10.5 with Debian 11 and later
- nodejs: default to version 16 LTS
- php: enforce Debian version with assert instead of fail
- squid: improve default whitelist (more specific patterns)
- squid: must be started in foreground mode for systemd
- squid: remove obsolete variable on Squid 4
Fixed
- evolinux-base: fix alert5.service dependency syntax
- certbot: sync_remote excludes itself
- lxc-php: fix config for opensmtpd on bullseye containers
- mysql : Create a default ~root/.my.cnf for compatibility reasons
- nginx : fix variable name and debug to actually use nginx-light
- packweb-apache : Support php 8.0
- nagios-nrpe: Fix check_nfsserver for buster and bullseye
Removed
- evocheck: package install is not supported anymore
- logstash: no more dependency on Java
- php: remove php-gettext for 7.4
Downloads
-
Release 10.6.0 Stable
2021-06-28 16:05:18 +02:00 | 1092 commits to stable since this releaseAdded
- Add Elastic GPG key to kibana, filebeat, logstash, metricbeat roles
- apache: new variable for mpm mode (+ updated default config accordingly)
- evolinux-base: add default motd template
- kvm-host: add migrate-vm script
- mysql: variable to disable myadd script overwrite (default: True)
- nodejs: update apt cache before installing the package
- squid: add Yarn apt repository in default whitelist
Changed
- Update Galaxy metadata (company, platforms and galaxy_tags)
- Use 'loop' syntax instead of 'with_first_found/with_items/with_dict/with_nested/with_list'
- Use Ansible syntax used in Ansible 2.8+
- apt: store keys in /etc/apt/trusted.gpg.d in ascii format
- certbot: sync_remote.sh is configurable
- evolinux-base: copy GPG key instead of using apt-key
- evomaintenance: upstream release 0.6.4
- kvm-host: replace the "kvm-tools" package with scripts deployed by Ansible
- listupgrade: upstream release 21.06.2
- nodejs: change GPG key name
- ntpd: Add leapfile configuration setting to ntpd on debian 10+
- packweb-apache: install phpMyAdmin from buster-backports
- spamassassin: change dependency on evomaintenance
- squid: remove obsolete variable on Squid 4
Fixed
- add default (useless) value for file lookup (first_found)
- fix pipefail option for shell invocations
- elasticsearch: inline YAML formatting of seed_hosts and initial_master_nodes
- evolinux-base: fix motd lookup path
- ldap: fix edge cases where passwords were not set/get properly
- listupgrade: fix wget error + shellcheck cleanup
Removed
- elasticsearch: recent versiond don't depend on external JRE
Downloads
-
Release 10.5.1 Stable
2021-04-13 15:57:53 +02:00 | 1180 commits to stable since this releaseAdded
- haproxy: dedicated internal address/binding (without SSL)
Changed
- etc-git: commit in /usr/share/scripts when there's an active repository
Downloads
-
Release 10.5.0 Stable
2021-04-01 15:41:36 +02:00 | 1184 commits to stable since this releaseAdded
- apache: new variables for logrotate + server-status
- filebeat: package can be upgraded to latest (default: False)
- haproxy: possible admin access with login/pass
- lxc-php: Add PHP 7.4 support
- metricbeat: package can be upgraded to latest (default: False)
- metricbeat: new variables to configure SSL mode
- nagios-nrpe: new script check_phpfpm_multi
- nginx: add access to server status on default VHost
- postfix: add smtpd_relay_restrictions in configuration
Changed
- apache: rotate logs daily instead of weekly
- apache: deny requests to ^/evolinux_fpm_status-.*
- certbot: use a fixed 1.9.0 version of the certbot-auto script (renamed "letsencrypt-auto")
- certbot: use the legacy script on Debian 8 and 9
- elasticsearch: log rotation is more readable/maintainable
- evoacme: upstream release 21.01
- evolinux-users: Add sudo rights for nagios for multi-php lxc
- listupgrade: update script from upstream
- minifirewall: change some defaults
- nagios-nrpe: update check_phpfpm_status.pl & install perl dependencies
- redis: use /run instead or /var/run
- redis: escape password in Munin configuration
Fixed
- bind9: added log files to apparmor definition so bind can run
- filebeat: fix Ansible syntax error
- nagios-nrpe: libfcgi-client-perl is not available before Debian 10
- redis: socket/pid directories have the correct permissions
Removed
- nginx: no more "minimal" mode, but the package remains customizable.
Downloads
-
Release 10.4.0 Stable
2020-12-24 14:02:51 +01:00 | 1231 commits to stable since this releaseAdded
- certbot: detect domains if missing
- certbot: new "sync_remote.sh" hook to sync certificates and execute hooks on remote servers
- varnish: variable for jail configuration
Changed
- certbot: disable auth for Let's Encrypt challenge
- nginx: change from "nginx_status-XXX" to "server-status-XXX"
Downloads
-
Release 10.3.0 Stable
2020-12-21 16:13:11 +01:00 | 1243 commits to stable since this releaseAdded
- dovecot: Update munin plugin & configure it
- dovecot: vmail uid/gid are configurable
- evoacme: variable to disable Debian version check (default: False)
- kvm-host: Add drbd role dependency (toggleable with kvm_install_drbd)
- minifirewall: upstream release 20.12
- minifirewall: add variables to force upgrade the script and the config (default: False)
- mysql: install save_mysql_processlist script
- nextcloud: New role to setup a nextcloud instance
- redis: variable to force use of port 6379 in instances mode
- redis: check maxmemory in NRPE check
- lxc-php: Allow php containers to contact local MySQL with localhost
- varnish: config file name is configurable
Changed
- Create system users for vmail (dovecot) and evoadmin
- apt: disable APT Periodic
- evoacme: upstream release 20.12
- evocheck: upstream release 20.12
- evolinux-users: improve uid/login checks
- tomcat-instance: fail if uid already exists
- varnish: change template name for better readability
- varnish: no threadpool delay by default
- varnish: no custom reload script for Debian 10 and later
Fixed
- cerbot: parse HAProxy config file only if HAProxy is found
Downloads
-
Version 10.2.0 Stable
2020-09-17 14:14:13 +02:00 | 1295 commits to stable since this releaseAdded
- evoacme: remount /usr if necessary
- evolinux-base: swappiness is customizable
- evolinux-base: install wget
- tomcat: root directory owner/group are configurable
Changed
- Change default public SSH/SFTP port from 2222 to 22222
Fixed
- certbot: an empty change shouldn't raise an exception
- certbot: fix "no-self-upgrade" option
Removed
- evoacme: remove Debian 9 support
Downloads
-
Version 10.1.0 Stable
2020-08-21 14:57:13 +02:00 | 1399 commits to stable since this releaseAdded
- certbot: detect HAProxy cert directory
- filebeat: allow using a template
- generate-ldif: add NVMe disk support
- haproxy: add deny_ips file to reject connections
- haproxy: add some comments to default config
- haproxy: enable stats frontend with access lists
- haproxy: preconfigure SSL with defaults
- lxc-php: Don't disable putenv() by default in PHP settings
- lxc-php: Install php-sqlite by default
- metricbeat: allow using a template
- mysql: activate binary logs by specifying log_bin path
- mysql: option to define as read only
- mysql: specify a custom server_id
- nagios-nrpe/evolinux-base: brand new check for hardware raid on HP servers gen 10
- nginx: make default vhost configurable
- packweb-apache: Install zip & unzip by default
- php: Don't disable putenv() by default in PHP settings
- php: Install php-sqlite by default
Changed
- certbot: fix haproxy hook (ssl cert directory detection)
- certbot: install certbot dependencies non-interactively for jessie
- elasticsearch: configure cluster with seed hosts and initial masters
- elasticsearch: set tmpdir before datadir
- evoacme: read values from environment before defaults file
- evoacme: update for new certbot role
- evoacme: upstream release 20.08
- haproxy: adapt backports installed package list to distibution
- haproxy: chroot and socket path are configurable
- haproxy: deport SSL tuning to Mozilla SSL generator
- haproxy: rotate logs with date extension and immediate compression
- haproxy: split stats variables
- lxc-php: Do --no-install-recommends for ssmtp/opensmtpd
- mongodb: install custom munin plugins
- nginx: read server-status values before changing the config
- packweb-apache: Don't turn on mod-evasive emails by default
- redis: create sudoers file if missing
- redis: new syntax for match filter
- redis: raise an error is port 6379 is used in "instance" mode
Fixed
- certbot: restore compatibility with old Nginx
- evobackup-client: fixed the ssh connection test
- generate-ldif: better detection of computerOS field
- generate-ldif: skip some odd ethernet devices
- lxc-php: Install opensmtpd as intended
- mongodb: fix logrotate patterm on Debian buster
- nagios-nrpe: check_amavis: updated regex
- squid: better regex to match sa-update domains
- varnish: fix start command when multiple addresses are present
Downloads
-
Version 10.0.0 Stable
2020-05-13 11:25:48 +02:00 | 1488 commits to stable since this releaseAdded
- apache: the default VHost doesn't redirect to https for ".well-known" paths
- apt: added buster backports prerferences
- apt: check if cron is installed before adding a cron job
- apt: remove jessie/buster sources from Gandi servers
- apt: verify that /etc/evolinux is present
- certbot : new role to install and configure certbot
- etc-git: add versioning for /usr/share/scripts on Debian 10+
- evoacme: upstream version 19.11
- evolinux-base: default value for "evolinux_ssh_group"
- evolinux-base: install /sbin/deny
- evolinux-base: install Evocheck (default:
True) - evolinux-base: on debian 10 and later, add noexec on /dev/shm
- evolinux-base: on debian 10 and later, add /usr/share/scripts in root's PATH
- evolinux-base: remove the chrony package
- evomaintenance: don't configure firewall for database if not necessary
- generate-ldif: support MariaDB 10.3
- haproxy: add a variable to keep the existing configuration
- java: add Java 11 as possible version to install
- listupgrade: install old-kernel-autoremoval script
- minifirewall: add a variable to force the check scripts update
- mongodb: mongodb: compatibility with Debian 10
- mysql-oracle: backport tasks from mysql role
- mysql: activate binary logs by specifying log_bin path
- mysql: specify a custom server_id
- networkd-to-ifconfig: add variables for configuration by variables
- packweb-apache: Deploy opcache.php to give some insights on PHP's opcache status
- php: variable to install the mysqlnd module instead of the default mysql module
- postgresql : variable to install PostGIS (default:
False) - redis: rewrite of the role (separate instances, better systemd units…)
- webapps/evoadmin-web Add an htpasswd to evoadmin if you cant use an apache IP whitelist
- webapps/evoadmin-web Overload templates if needed
- evolinux-base: install ssacli for HP Smart Array
- evobackup-client role to configure a machine for backups with bkctld(8)
- bind: enable query logging for recursive resolvers
- bind: enable logrotate for recursive resolvers
- bind: enable bind9 munin plugin for recursive resolvers
Changed
- replace version_compare() with version()s
- removed some deprecations for Ansible 2.7
- apache: improve permissions in save_apache_status script
- apt: hold packages only if package is installed
- bind: the munin task was present, but not included
- bind: change name of logrotate file to bind9
- certbot: commit hook must be executed at the end
- elasticsearch: listen on local interface only by default
- evocheck: upstream version 20.04.4
- evocheck: cron jobs execute in verbose
- evolinux-base: use "evolinux_internal_group" for SSH authentication
- evolinux-base: Don't customize the logcheck recipient by default.
- evolinux-base: configure cciss-vol-statusd in the proper file
- evomaintenance: upstream release 0.6.3
- evomaintenance: Turn on API by default (instead of DB)
- evomaintenance: install PG dependencies only when needed
- listupgrade: update from upstream
- lxc: rely on lxc_container module instead of command module
- lxc: remove useless loop in apt execution
- lxc: update our default template to be compatible with Debian 10
- lxc-php: refactor tasks for better maintainability
- lxc-php: Use OpenSMTPD for Stretch/Buster containers, and ssmtp for Jessie containers
- lxc-solr: changed default Solr version to 8.4.1
- minifirewall: better alert5 activation
- minifirewall: no http filtering by default
- minifirewall: /bin/true command doesn't report "changed" anymore
- nagios-nrpe: update check_redis_instances (same as redis role)
- nagios-nrpe: change default haproxy socket path
- nagios-nrpe: check_mode per cpu dynamically
- nodejs: change default version to 12 (new LTS)
- packweb-apache: Do the install & conffigure phpContainer script (instead of evoadmin-web role)
- php: By default, allow 128M for OpCache (instead of 64M)
- php: Don't set a chroot for the default fpm pool
- php: Make sure the default pool we define can be fully functionnal witout debian's default pool file
- php: Change the default pool names to something more explicit (and same for the variables names)
- php: Add a task to remove Debian's default FPM pool file (off by default)
- php: Cleanup CLI Settings. Also, allow url fopen and don't disable functions (in CLI only)
- postgresql : changed logrotate config to 10 days (and fixed permissions)
- rbenv: changed default Ruby version to 2.7.0
- squid: Remove wait time when we turn off squid
- squid: compatibility wit Debian 10
- tomcat: package version derived from Debian version if missing
- varnish: remove custom ExecReload= script for Debian 10+
Fixed
- etc-git: fix warnings ansible-lint
- evoadmin-web: Put the php config at the right place for Buster
- lxc: Don't stop the container if it already exists
- lxc: Fix container existance check to be able to run in check_mode
- lxc-php: Don't remove the default pool
- minifirewall: fix warnings ansible-lint
- nginx: fix munin fcgi not working (missing chmod 660 on logs)
- php: add missing handler for php7.3-fpm
- roundcube: fix typo for roundcube vhost
- tomcat: fix typo for default tomcat_version
- evolinux-base: Fix our zsyslog rotate config that doesn't work on Debian 10
- certbot: Properly evaluate when apache is installed
- evolinux-base: Don't make alert5.service executable as systemd will complain
- webapps/evoadmin-web: Set default evoadmin_mail_tpl_force to True to fix a regression where the mail template would not get updated because the file is created before the role is first run.
- minifirewall: Backport changes from minifirewall (properly open outgoing smtp(s))
- minifirewall: Properly detect alert5.sh to turn on firewall at boot
- packweb-apache: Add missing dependency to evoacme role
- php: Chose the debian version repo archive for packages.sury.org
- php: update surry_post.yml to match current latest PHP release
- packweb-apache: Don't try to install PHPMyAdmin on Buster as it's not available
Removed
- clamav : do not install the zoo package anymore
Downloads
-
Version 9.10.1 Stable
2019-06-21 14:38:11 +02:00 | 1810 commits to stable since this releaseChanged
- evocheck : update (version 19.06) from upstream
Downloads