Files
@ ea69b2719d8e
Branch filter:
Location: majic-ansible-roles/docs/releasenotes.rst
ea69b2719d8e
8.8 KiB
text/prs.fallenstein.rst
MAR-22: Implemented tests for the common role:
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.
- Added missing documentation for pipreqcheck_uid and pipreqcheck_gid
parameters.
- Use static-hashed passwords for reproducibility during testing in test
playbook.
- Install Emacs and libmariadb-client-lgpl-dev-compat via test playbook on one
of the testing instances in order to test related tasks.
- Fixed parameter for connection limitting in test playbook.
- Added explicit parameters to test playbook for pipreqcheck_gid and
pipreqcheck_uid.
- Fixed deployment of ferm configuration file ot include setting user/group and
mode.
- Added tests covering common deployment, deployment when only mandatory
parameters are provided, and deployment when optional parameters are set as
well.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 | Release notes
=============
1.5.0
-------
Minor bug-fixes, package upgrade checks, and better support for next Debian
stable release (Stretch).
New features/improvements:
* ``backup_client`` role
* Implemented support for next Debian stable release (*Debian Stretch*). This
was needed due to changes in duplicity parameters and their syntax.
* ``common`` role
* Added parameter for configuring common backup patterns. Allows for better
control over ``/root`` and ``/home`` directories. Backup of remaining
directories is still hard-coded.
* Added support for checking if package upgrades are available. Covers system
packages out-of-the-box, and provides ability to perform checks on pip
requirements files.
* Added generic support for checking certificate expiration dates. Relevant
roles need to deploy special configuration files to trigger the checks.
* ``ldap_server`` role
* Updated role to perform certificate expiration date check on LDAP server
certificate.
* ``mail_server`` role
* Updated role to perform certificate expiration date check on all mail server
certificates.
* ``php_website`` role
* Updated role to perform certificate expiration date check on website server
certificate.
* ``xmpp_server`` role
* Updated role to perform certificate expiration date check on XMPP server
certificate.
* ``web_server`` role
* Updated role to perform certificate expiration date check on default web
server certificate.
* ``wsgi_website`` role
* Added alternative way to specify Gunicorn version to install in virtual
environment (via separate parameter). If this parameter is in use, package
upgrade checks will be done as well (against auto-assembled pip requirements
file). See role reference documentation for details.
* Updated role to perform certificate expiration date check on website server
certificate.
Bug-fixes:
* ``mail_server`` role
* Fixed incorrect mail name (FQDN) used for mails originating from the server.
* ``web_server`` role
* Fixed configuration of available TLS versions on the Nginx web server.
Documentation:
* Added release procedures and related information.
* Added information about Debian release compatibility to role reference.
1.4.0
-----
Minor fixes and features allowing for more fine-tuning of installations.
New features/improvements:
* ``ldap_server`` role
* TLS versions and ciphers supported by server are now configurable.
* ``mail_server`` role
* TLS versions and ciphers supported by SMTP and IMAP server are now
configurable.
* Number of allowed concurent IMAP connections for a single user from a single
IP address is now configurable.
* ``web_server`` role
* TLS versions and ciphers supported by server are now configurable.
1.3.0
-----
IPv6 support in firewall rules, small bug fixes and improvements.
New features/improvements:
* All roles that deploy firewall rules
* Set-up IPv6 firewall rules in addition to IPv4.
* ``common`` role
* Crontabs, operating system user passwords (``/etc/shadow``), and local user
mails are now included in the backup.
Bug-fixes:
* ``wsgi_website`` role
* Do not traverse static locations that have not been explicitly
configured. Fixes issue where static location ends-up being served by Nginx
instea of WSGI application.
1.2.0
-----
Minor fixes and features.
New features:
* ``wsgi_website`` role
* Added support for providing custom proxy headers to pass on to Gunicorn
server.
Bug-fixes:
* ``php_website`` role
* Make sure the environment indicator is always shown on top by increasing its
``z-index`` value.
* ``wsgi_website`` role
* Make sure the environment indicator is always shown on top by increasing its
``z-index`` value.
1.1.0
-----
Minor bug fixes, enchancements, and features.
New features/improvements:
* ``common`` role
* Added support for having user-defined ``/etc/profile.d`` style scripts (in
``~/.profile.d/``.
* Disables Emacs ``electric-indent-mode`` globally if Emacs is installed.
* Deploys symbolic link for ``mysql_config`` if package
``libmariadb-client-lgpl-dev-compat`` is installed (workaround for
`Debian Bug 766996
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766996>`_)
* Updates CA cache immediatelly so that roles depending on cache being
up-to-date do not throw validation errors.
* ``mail_server`` role
* Added support for specifying local aliases.
* Undeliverable bounces are now delivered to postmaster.
* ``php_website`` role
* Added support for specifying custom ``php-fpm`` pool configuration options.
* Added support for having ribon/strip at bottom to identify website
environment. Useful for testing/staging environments.
* Deploys symbolic link for ``mysql_config`` if package
``libmariadb-client-lgpl-dev-compat`` is installed (workaround for
`Debian Bug 766996
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766996>`_)
* Forwards mails delivered to application or application administrator users
to local ``root`` account (can be configured to deliver mails elsewhere).
* Sets ``HSTS`` policy if TLS is enforced.
* *Umask* for the operating system which runs the website is set to ``0007``.
* When administrator user is created for the first time, its home directory is
populated from ``/etc/skel``. This makes prompts etc look more uniform
across the system.
* ``wsgi_website`` role
* Added support for having ribon/strip at bottom to identify website
environment. Useful for testing/staging environments.
* Added support for specifying environment variables that should be set when
running the service, or when administering the installation (using
application administrator operating system user).
* Deploys symbolic link for ``mysql_config`` if package
``libmariadb-client-lgpl-dev-compat`` is installed (workaround for
`Debian Bug 766996
<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=766996>`_)
* Forwards mails delivered to application or application administrator users
to local ``root`` account (can be configured to deliver mails elsewhere).
* Sets ``HSTS`` policy if TLS is enforced.
* *Umask* for the operating system which runs the website is set to ``0007``.
* When administrator user is created for the first time, its home directory is
populated from ``/etc/skel``. This makes prompts etc look more uniform
across the system.
Bug-fixes:
* ``database_server`` role
* Applies UTF-8 configuration immediatelly. This should fix issues during
inital server set-up for roles that need to create database using UTF-8
character set.
* ``wsgi_website`` role
* Fixed virtualenv wrapper shell script to use proper escaping around
arguments.
* Website service is now restarted in case of package changes (system or
virtual environment).
* ``mail_forwarder`` role
* Allows incoming SMTP connections from the SMTP relay server (if
configured). This way the SMTP relay can deliver bounces.
1.0.1
-----
Minimal bugfix update to improve interoperability.
Changes:
* ``xmpp_server`` role no longer restricts TLS to version 1.2 and ciphers to PFS
ciphers. Should solve ``s2s`` communication issues with old XMPP servers.
1.0.0
-----
Initial release of Majic Ansible Roles.
New roles:
* ``backup``, reusable role for specifying files to back-up.
* ``backup_client``, base role for setting-up backup client on a server
(Duplicity).
* ``backup_server``, sets-up a backup server.
* ``bootstrap``, sets-up server for Ansible management (bootstrapping it for
subsequent Ansible runs).
* ``common``, basic set-up of server, some hardening, creation of admin accounts
etc.
* ``database``, reusable role for creating MariaDB database and user for
accessing the database.
* ``database_server``, sets-up database server (MariaDB).
* ``ldap_client``, sets-up LDAP client tools and configuration (OpenLDAP).
* ``ldap_server``, sets-up and manages basic entries in an LDAP server
(OpenLDAP).
* ``mail_forwarder``, sets-up local SMTP server that forwards mail to the main
mail server (Postfix).
* ``mail_server``, sets-up a mail server with SMTP and IMAP services (Postfix,
Dovecot).
* ``php_website``, reusable role for creating PHP-based websites. Provides basic
building block for PHP applications (Nginx).
* ``preseed``, small role for generating Debian preseed files for automated OS
installation.
* ``web_server``, sets-up web server with basic welcome page (Nginx).
* ``wsgi_website``, reusable role for creating WSGI-based websites. Provides
basic building block for WSGI applications (Nginx).
* ``xmpp_server``, sets-up an XMPP server for instant messaging services
(Prosody).
New features:
* Usage (tutorial-like) instructions.
* Test site, serving as an example and used for basic regression testing.
* Role reference documentation.
|