Jérémy Lecour
37ed5dd393
evolinux-base: swappiness is customizable
2020-09-01 14:08:39 +02:00
Jérémy Lecour
afa0fd35c8
Change default public SSH/SFTP port from 2222 to 22222
2020-08-28 18:32:47 +02:00
Jérémy Lecour
d0622c6b20
tomcat: root directory owner/group are configurable
2020-08-27 17:12:34 +02:00
Jérémy Lecour
7413a242a8
Release 10.1.0
2020-08-21 14:50:17 +02:00
Jérémy Lecour
44ddc8047d
evoacme: disable empty task for hooks
2020-08-21 14:21:28 +02:00
Jérémy Lecour
1e6d6cdd13
sort lines in CHANGELOG
2020-08-21 14:03:41 +02:00
Jérémy Lecour
f49bf5c72d
evoacme: use Let's Encrypt deploy hooks instead of evoacme hooks
2020-08-21 14:02:07 +02:00
Jérémy Lecour
a60deb276b
evoacme: upstream release 20.08
2020-08-21 14:01:06 +02:00
Jérémy Lecour
8ea1bac000
evoacme: update for new certbot role
...
* certbot is installed by the certbot role
* Apache/Nginx configuration is delegated to the certbot role
* No more "acme" user, everything is done with "root".
2020-08-21 13:36:24 +02:00
Benoît S.
a8095b1c36
Updated CHANGELOG.md with recent merges
2020-08-20 15:49:22 +09:00
Jérémy Lecour
5c4daf3691
Merge remote-tracking branch 'origin/generateldif-patch' into unstable
2020-08-19 14:53:10 +02:00
Jérémy Lecour
d457b25c4b
Merge remote-tracking branch 'origin/nagios-nrpe-amavis-update' into unstable
2020-08-19 14:52:04 +02:00
Jérémy Lecour
7eed6d0255
Merge remote-tracking branch 'origin/squid-sa-update-domains' into unstable
2020-08-19 14:51:50 +02:00
Jérémy Lecour
221e9edc10
Merge branch 'nagios-nrpe-check-hpraid' into unstable
2020-08-19 14:49:22 +02:00
Jérémy Lecour
57ac4e467c
metricbeat: allow using a template
2020-08-18 14:01:09 +02:00
Jérémy Lecour
ce35f7292f
filebeat: allow using a template
2020-08-18 14:00:46 +02:00
Ludovic Poujol
edbc596511
mongodb: Fix issue introduced by 8aa7f6cf33
2020-07-30 11:31:19 +02:00
Mathieu Trossevin
23a486dc9a
[LXC] Force lxc containers to be in the correct timezone
...
Right now lxc containers are in the Etc/UTC timezone, this commit change
it so that they are in the same timezone as the host by copying
/etc/timezone and /etc/localtime (without dereferencing it) inside of
the container.
It might not be able to survive an update of the tzdata package however.
(Debian shouldn't change manual configuration upon update but they chose
to anyways so bear with it).
2020-07-27 11:53:03 +02:00
Jérémy Lecour
eeeb20771a
elasticsearch: keep native values
2020-07-21 10:46:34 +02:00
Jérémy Lecour
d3e69eeeb5
certbot: fix haproxy hook (ssl cert directory detection)
...
It was matching additional parameters.
Now it matches on the first argument after "crt"
2020-07-21 10:46:01 +02:00
Jérémy Lecour
21b8104654
elasticsearch: configure cluster with seed hosts and initial masters
2020-07-19 11:40:59 +02:00
Jérémy Lecour
9270852349
elasticsearch: set tmpdir before datadir
2020-07-19 11:30:00 +02:00
Jérémy Lecour
cea5620568
elasticsearch is compatible with buster
2020-07-17 13:49:07 +02:00
Jérémy Lecour
8aa7f6cf33
mongodb: install custom munin plugins
2020-07-17 13:48:18 +02:00
Benoît S.
1c050b481a
evolinux-base: check_hpraid.cron.sh: Fixed wrong <<<
usage
2020-07-01 10:18:30 +09:00
Benoît S.
0150e77041
generate-ldif: Patched computerOS detection
2020-06-30 05:11:05 +02:00
Benoît S.
0fd8128f94
generate-ldif: Skip some odd ethernet devices
2020-06-30 04:36:04 +02:00
Benoît S.
0cd889e4fb
generate-ldif: Add NVMe disk support
2020-06-30 04:10:03 +02:00
Benoît S.
9a8f1979bc
evolinux-base: check_hpraid.cron.sh: Fixed wrong else
...
The logic was wrong, an else part was not necessary.
2020-06-26 17:57:50 +09:00
Benoît S.
a28b9558cb
evolinux-base: check_hpraid.cron.sh: Better logic and use mail
...
First step is to detect errors
Second step is to detect different state
Added mail comand to replace cron output
2020-06-24 18:57:08 +09:00
Jérémy Lecour
9bdd5ad9e7
haproxy: rotate logs with date extension and immediate compression
2020-06-22 19:02:29 +02:00
Mathieu Trossevin
5e13f8da4e
lxc-php: Make mysql socket binding work on fresh install
...
/var/run/mysqld only exist after mysql is installed, as such the role
lxc-php need to run after the role mysql.
Also only cause a restart of the containers when their configuration has
been changed.
For now socket binding might only work for mysql and not mysql-oracle
(it's default socket seems to be /tmp/mysql.sock).
2020-06-17 16:06:54 +02:00
Mathieu Trossevin
49b20f9b12
lxc-php: Have mysqld.sock inside of a directory
...
Bind mount don't seems to work on a file so the default socket is now
always named mysqld.sock and the configurable variable is
php_conf_mysql_socket_dir that define the directory the socket will be
in.
2020-06-17 16:06:54 +02:00
Mathieu Trossevin
1d9ab0f1f3
Allows using localhost to connect to MySQL in lxc
...
Add 'php_conf_mysql_default_socket' variable to lxc-php role that
configure both the lxc containers and PHP so that a local MySQL database
may be used through localhost.
The PHP containers will automount /var/run/mysqld/mysqld.sock (the
default path to the mysql socket) to the path defined by the variable
'php_conf_mysql_default_socket' which will be the path used by php to
contact MySQL both with mysqli and PDO_MYSQL.
2020-06-17 16:06:53 +02:00
Benoît S.
de908ae5bd
nagios-nrpe: check_amavis: Update regex
...
I just installed a Debian Stretch with a pack mail and the check_amavis
was not checking the right regex.
Amavis is returning:
2.7.0 Ok, discarded, id=17556-09 - INFECTED: Eicar-Signature
So the regex should be:
-if ($result =~/2.7.0 Ok, discarded, id=[^,]+ - INFECTED: Eicar-Test-Signature/) {
+if ($result =~/2.7.0 Ok, discarded, id=\S+ - INFECTED: Eicar-Signature/) {
2020-06-17 12:20:33 +09:00
Benoît S.
1d7d2ce08d
squid: Update regex for sa-update domains.
...
List of domains is like:
http://sa-update.dnswl.org/ weight=3
http://www.sa-update.pccc.com/ weight=5
http://sa-update.secnap.net/ weight=5
http://sa-update.space-pro.be/ weight=1
http://sa-update.ena.com/ weight=5
http://sa-update.razx.cloud/ weight=5
http://sa-update.fossies.org/ weight=1
http://sa-update.verein-clean.net/ weight=10
http://sa-update.bitwell.fi/ weight=5
http://sa-update.spamassassin.org/ weight=10
They all start sa-update.*, except for http://www.sa-update.pccc.com/ .
In that case, we just match sa-update on the domain name.
2020-06-17 11:25:24 +09:00
Jérémy Lecour
977c28c720
varnish: fix start command when multiple addresses are present
2020-06-16 13:51:07 +02:00
Benoît S.
766b4dfa82
evolinux-base: check_hpraid cron: Add -p
2020-06-16 13:20:43 +09:00
Benoît S.
a74f4e1890
evolinux-base/tasks/hardware.yml: Removed trailing whitespace
2020-06-16 12:42:33 +09:00
Benoît S.
4bec21a9f3
evolinux-base: harware: Support HP gen >=10 RAID controller
2020-06-16 12:35:56 +09:00
Benoît S.
241f50d27e
nagios-nrpe: check_hpraid: Update known working RAID controllers
2020-06-16 12:34:48 +09:00
Benoît S.
74229809ff
nagios-nrpe: Add check_hpraid in template
2020-06-16 12:28:10 +09:00
Benoît S.
09e17ffe6c
nagios-nrpe: check_hpraid: Use printf for return lines
2020-06-16 11:16:44 +09:00
Benoît S.
b47d2b872c
nagios-nrpe: check_hpraid: Fixed wrong grep in EXCLUDE_BATTERY
2020-06-16 10:57:18 +09:00
Benoît S.
d49da6954a
nagios-nrpe: check_hpraid: Fix wrong command name in examples
2020-06-16 10:53:00 +09:00
Benoît S.
6126be95e3
nagios-nrpe: check_hpraid: Be sure that variables are bound
2020-06-16 10:36:24 +09:00
Jérémy Lecour
ce7468816f
haproxy: deport SSL tuning to Mozilla SSL generator
...
There are too many combinations and they change every so often.
It's better to direct the user to the generator to have a good
configuration.
2020-06-15 22:47:08 +02:00
Jérémy Lecour
30cdbae981
haproxy: split stats variables
2020-06-15 22:45:22 +02:00
Jérémy Lecour
011761eb8f
haproxy: add deny_ips file to reject connections
2020-06-14 23:28:29 +02:00
Jérémy Lecour
8465743973
haproxy: add some comments to default config
2020-06-14 23:27:50 +02:00