DebOps v0.8.0 Release Notes
Release Date: 2018-08-06
.. _debops v0.8.0: https://github.com/debops/debops/compare/v0.7.2...v0.8.0
Added

New DebOps roles
''''''''''''''''

- The :ref:`debops.netbase` role: manage local host and network database in
  :file:`/etc/hosts` and :file:`/etc/networks` files.

- The :ref:`debops.sudo` role: install and manage :command:`sudo`
  configuration on a host. The role is included in the ``common.yml``
  playbook.

- The :ref:`debops.system_groups` role: configure UNIX system groups used on
  DebOps hosts. The role is included in the ``common.yml`` playbook.

- The :ref:`debops.debops_legacy` role: clean up legacy files, directories,
  APT packages or :command:`dpkg-divert` diversions created by DebOps but no
  longer used. This role needs to be executed manually, it's not included in
  the main playbook.

- The :ref:`debops.python` role: manage Python environment, with support for
  multiple Python versions used at the same time. The role is included in the
  ``common.yml`` playbook.

- Icinga 2 support has been implemented with :ref:`debops.icinga`,
  :ref:`debops.icinga_db` and :ref:`debops.icinga_web` Ansible roles.

General
'''''''

- The DebOps installation now depends on the `dnspython`__ Python library.
  This allows usage of the ``dig`` Ansible lookup plugin in DebOps roles to
  gather data via DNS SRV records.

  .. __: http://www.dnspython.org/

- The DebOps installation now depends on the `future`__ Python library which
  provides compatibility between Python 2.7 and Python 3.x environments. It is
  currently used in the custom Ansible filter plugin provided by DebOps, but
  its use will be extended to other scripts in the future to make the code
  more readable.

  .. __: http://python-future.org/

:ref:`debops.dhparam` role
''''''''''''''''''''''''''

- The role will set up a :command:`systemd` timer to regenerate Diffie-Hellman
  parameters periodically if it's available. The timer will use random delay
  time, up to 12h, to help with mass DHparam generation in multiple LXC
  containers/VMs.

:ref:`debops.nginx` role
''''''''''''''''''''''''

- A ``default`` set of SSL ciphers can be specified using the
  :envvar:`nginx_default_ssl_ciphers` variable. This disables the
  ``ssl_ciphers`` option in the :command:`nginx` configuration and forces the
  server to use the defaults provided by the OS.

:ref:`debops.ntp` role
''''''''''''''''''''''

- The OpenNTPD service will now properly integrate the :command:`ifupdown`
  hook script with :command:`systemd`. During boot, the NTP daemon will be
  started once network interfaces are configured and will not restart multiple
  times on each network interface change.

:ref:`debops.resources` role
''''''''''''''''''''''''''''

- The role can now generate custom files using templates, based on a directory
  structure. See :ref:`resources__ref_templates` for more details.

:ref:`debops.sudo` role
'''''''''''''''''''''''

- You can now manage configuration files located in the
  :file:`/etc/sudoers.d/` directory using
  :ref:`sudo__*_sudoers <sudo__ref_sudoers>` inventory variables, with
  multiple levels of conditional options.

:ref:`debops.users` role
''''''''''''''''''''''''

- Selected UNIX accounts can now be configured to linger when not logged in
  via the ``item.linger`` parameter. This allows these accounts to maintain
  long-running services when not logged in via their own private
  :command:`systemd` instances.

Changed


General
'''''''

- Some of the existing DebOps Policies and Guidelines have been reorganized
  and the concept of DebOps Enhancement Proposals (DEPs) is introduced,
  inspired by the `Python Enhancement Proposals`__.

  .. __: https://www.python.org/dev/peps/pep-0001/

- The :command:`debops` script can now parse multiple playbook names specified
  in any order instead of just looking at the first argument passed to it.

:ref:`debops.apt_install` role
''''''''''''''''''''''''''''''

- The :command:`editor` alternative symlink configuration has been moved from
  the ``debops.console`` role to the :ref:`debops.apt_install` role which also
  installs :command:`vim` by default.

:ref:`debops.apt_mark` role
'''''''''''''''''''''''''''

- The configuration of automatic removal of APT packages installed via
  ``Recommends:`` or ``Suggests:`` dependencies has been moved from the
  :ref:`debops.apt` role to the :ref:`debops.apt_mark` role which more closely
  reflects its intended purpose. Variable names and their default values
  changed; see the :ref:`upgrade_notes` for more details.

:ref:`debops.core` role
'''''''''''''''''''''''

- The role will add any new administrator accounts to the list of existing
  admin accounts instead of replacing them in the Ansible local fact script.
  This should allow for multiple administrators to easily coexist and run the
  DebOps playbooks/roles from their own accounts without issues.

:ref:`debops.gitlab` role
'''''''''''''''''''''''''

- Redesign the GitLab version management to read the versions of various
  components from the GitLab repository files instead of managing them
  manually in a YAML dictionary. The new :envvar:`gitlab__release` variable is
  used to specify the desired GitLab version to install/manage.

- The :command:`gitaly` service will be installed using the ``git`` UNIX
  account instead of ``root``. Existing installations might require additional
  manual cleanup; see the :ref:`upgrade_notes` for details.

- The role now supports installation of GitLab 10.7.

- The usage of the :envvar:`gitlab__fqdn` variable is revamped a bit - it's
  now used as the main variable that defines the GitLab installation FQDN. You
  might need to update the Ansible inventory if you changed the value of the
  ``gitlab_domain`` variable used previously for this purpose.

:ref:`debops.ifupdown` role
'''''''''''''''''''''''''''

- The :ref:`debops.kmod` role is added as a dependency. The
  :ref:`debops.ifupdown` role will generate :command:`modprobe` configuration
  based on the type of configured network interfaces (bridges, VLANs, bonding)
  and the kernel modules will be automatically loaded if missing.

:ref:`debops.lxc` role
''''''''''''''''''''''

- Redesign system-wide LXC configuration to use a list of YAML dictionaries
  merged together instead of custom Jinja templates.

- Add the :command:`lxc-prepare-ssh` script on the LXC hosts that can be used
  to install OpenSSH and add the user's SSH authorized keys inside of the LXC
  containers. This is a new way to prepare the LXC containers for
  Ansible/DebOps management that doesn't require custom LXC template scripts
  and can be used with different LXC container types.

:ref:`debops.mariadb_server` role
'''''''''''''''''''''''''''''''''

- The MariaDB/MySQL server and :ref:`client <debops.mariadb>` will now use the
  ``utf8mb4`` encoding by default instead of the ``utf8`` which is an internal
  MySQL character encoding. This might impact existing databases, see the
  :ref:`upgrade_notes` for details.

:ref:`debops.nodejs` role
'''''''''''''''''''''''''

- The NPM version installed by the role from GitHub is changed from ``v5.4.2``
  to ``latest`` which seems to be an equivalent of a stable branch.

- Recent versions of NPM `require NodeJS 6.0.0+`__ and don't work with other
  releases. Because of that the newest NPM release is not installable on hosts
  that use NodeJS packages from older OS releases.

  .. __: https://github.com/npm/npm/issues/20425

  The :ref:`debops.nodejs` role will install NPM v5.10.0 version in this case
  to allow NPM to work correctly - on Debian Jessie, Stretch and Ubuntu
  Xenial. Otherwise, an NPM from the ``latest`` branch will be installed, as
  before.

- Instead of NodeJS 6.x release, the role will now install NodeJS 8.x release
  upstream APT packages by default. This is due to the NodeJS 6.x release
  `switching to a Maintenance LTS mode`__. NodeJS 8.x will be supported as a
  LTS release until April 2019.

  .. __: https://github.com/nodejs/Release

- The role will install upstream NodeSource APT packages by default. This is
  due to `no security support in Debian Stable`__, therefore the upstream
  packages should be considered more secure. The upstream NodeJS packages
  include a compatible NPM release, therefore it won't be separately installed
  from GitHub.

  .. __: https://www.debian.org/releases/stretch/amd64/release-notes/ch-information.en.html#libv8

  The existing installations shouldn't be affected, since the role will select
  OS/upstream package versions based on existing Ansible local facts.

:ref:`debops.owncloud` role
'''''''''''''''''''''''''''

- Support Nextcloud 13 and partially ownCloud 10. Nextcloud 11 and ownCloud
  9.1 are EOL, you should update. The role can help you with the update to
  ensure that everything works smoothly with the new versions. Currently, the
  role cannot do the update for you.

:ref:`debops.sshd` role
'''''''''''''''''''''''

- The role will now check the :ref:`debops.system_groups` Ansible local facts
  to define what UNIX groups are allowed to connect to the host via the SSH
  service.

:ref:`debops.unattended_upgrades` role
''''''''''''''''''''''''''''''''''''''

- On hosts without a domain set, the role enabled all upgrades, not just
  security updates. This will not happen anymore, the security updates are
  enabled everywhere by default, you need to enable all upgrades specifically
  via the :envvar:`unattended_upgrades__release` variable.


Removed

:ref:`debops.apt_install` role
''''''''''''''''''''''''''''''

- Don't install the ``sudo`` package by default, this is now done via
  a separate :ref:`debops.sudo` role to easily support switching to the
  ``sudo-ldap`` APT package.

:ref:`debops.auth` role
'''''''''''''''''''''''

- Remove configuration of UNIX system groups and accounts in the ``admins``
  UNIX group. This is now done by the :ref:`debops.system_groups` Ansible
  role.

``debops.console`` role
'''''''''''''''''''''''

- Remove support for copying custom files from the role. This functionality is
  covered better by the :ref:`debops.resources` role.

- Remove support for managing entries in the :file:`/etc/hosts` database. This
  is now covered by the :ref:`debops.netbase` Ansible role.

``debops.bootstrap`` role
'''''''''''''''''''''''''

- The :command:`sudo` configuration has been removed from the
  ``debops.bootstrap`` role. The ``bootstrap.yml`` playbook now includes the
  :ref:`debops.sudo` role which configures :command:`sudo` service.

- The UNIX system group management has been removed from the role, the
  ``bootstrap.yml`` playbook now uses the :ref:`debops.system_groups` role to
  create the UNIX groups used by DebOps during bootstrapping.

- Remove management of Python packages from the role. The ``bootstrap.yml``
  playbook uses the :ref:`debops.python` role to configure Python support on
  the host.

:ref:`debops.lxc` role
''''''''''''''''''''''

- Remove support for direct LXC container management from the role. This
  functionality is better suited for other tools like :command:`lxc-*` set of
  commands, or the Ansible ``lxc_container`` module which should be used in
  custom playbooks. The 'debops.lxc' role focus should be configuration of LXC
  support on a host.

- Remove custom LXC template support. The LXC containers can be created by the
  normal templates provided by the ``lxc`` package, and then configured using
  DebOps roles as usual.

:ref:`debops.postgresql_server` role
''''''''''''''''''''''''''''''''''''

- The tasks that modified the default ``template1`` database and its schema
  have been removed to make the PostgreSQL installation more compatible with
  applications packaged in Debian that rely on the PostgreSQL service. See the
  relevant commit for more details. Existing installations shouldn't be
  affected.