Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* fix(nginx): Remove default nginx dummy vhost that could clash with Varnish (#1750) * fix(nginx): Remove default nginx dummy vhost that could clash with Varnish * Fix variable naming and comment * Implement keep_default_vhost setting * Wazuh-var-update (#1903) * Wazuh-agent-vars-more-readable (#1905) * Filebeat-restart-task-wazuh (#1907) * Filebeat restart task wazuh pr 2.x (#1909) * Filebeat-restart-task-wazuh * Fixing-wazuh-filebeat-restart * Adding-gawk-to-extra-packages (#1910) * Updating-filebeat-restart-task (#1913) * Adding motd to exit role pr 2.x (#1915) * Fixing-backup-validation-role-plicies * Adding-parts-for-VPC-and-SG * Adding-region-to-vpc-and-subnet-tasks * Adding-region-to-vpc-and-subnet-tasks-2 * Updating-vars-for-vpc-and-subnet * Updating-vars-for-vpc-and-subnet-2 * Updating-vars-for-vpc-and-subnet-3 * Adding-json-file-for-restore-testing * Changing-user-where-json-file-is-generated * Updating-json-file-location * Updating-path-to-j2-file * Changing-force-valkue * Testing-file-creation * Testing-file-creation-via-command-task * Adding-motd-to-exit-role * Commenting-out-task-that-will-fail * Fixing-pipefail * Fixing-syntax-issue --------- Co-authored-by: Matej Stajduhar <[email protected]> * Fixing-motd-task (#1917) * Motd-switch-egrep-with-awk (#1919) * Motd-task-update (#1922) * Motd-task-update * Restoring-deleted-task * Fixing motd task when running on localhost pr 2.x (#1924) * Fixing-backup-validation-role-plicies * Fixing-motd-task-when-running-on-localhost * Updating-when-statement * Adding-become-true-on-motd-update --------- Co-authored-by: Matej Stajduhar <[email protected]> * Apt bug workaround pr 2.x (#1935) * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * apt_bug_workaround * fix_var_logic * Pushing-aws-backup-validation-role (#1944) * Pushing-aws-backup-validation-role * Fixing-linting --------- Co-authored-by: Matej Stajduhar <[email protected]> * fix(redis): Convert maxmemory setting to int before comparing (#1897) * Reverting-nginx-username (#1945) * Reverting nginx username pr 2.x (#1947) * Reverting-nginx-username * Minor-fix-nginx-username * Updating-nginx-vars (#1950) * Bug fixes 2.x pr 2.x (#1952) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * r70597 new system role for ipv6 disablement (#1954) * r70597 new system role for ipv6 disablement * fix linting problem * add readme for system role * Fixing-json-file-for-restore-testing (#1956) Co-authored-by: Matej Stajduhar <[email protected]> * Fixing json file for restore testing pr 2.x (#1957) * Fixing-json-file-for-restore-testing * Missing-coma-in-json --------- Co-authored-by: Matej Stajduhar <[email protected]> * updating asg role to support custom rule on http and https (#1959) Co-authored-by: filip <[email protected]> * Bug fixes 2.x pr 2.x (#1962) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Bug fixes 2.x pr 2.x (#1966) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * r70596 create swap directory (#1968) * r70596 create swap directory * remove stat check * 70325 adding asg redirect pr 2.x (#1963) * updating asg role to support custom rule on http and https * updating readme properly * updating docs for the asg role --------- Co-authored-by: filip <[email protected]> * swapfile path and clamav exclusion (#1970) * Galaxy role pr 2.x (#1974) * Deleting obsolete Debian 10 requirements files. * Adding first pass at generic and reusable Ansible Galaxy role. * Docs update. * Updating README files. * Updating ce_provision and ce_deploy to use ansible_galaxy role. * Ansible Galaxy docs enhancement. * Cannot use _ansible in variable names, reserved. * Removing blocks for Galaxy installation, not needed. * Variables passed to Galaxy role were wrong. * Bug fixes 2.x pr 2.x (#1975) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Bug fixes 2.x pr 2.x (#1978) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Bug fixes 2.x pr 2.x (#1980) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating defaults pr 2.x (#1982) * Updated-defaults-for-aws_acl-role * Removing-Identity-search --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating defaults pr 2.x (#1984) * Updated-defaults-for-aws_acl-role * Removing-Identity-search * Removing-undefined-variable --------- Co-authored-by: Matej Stajduhar <[email protected]> * Removing-gawk-apt (#1985) * Adding-gawk-removing-gawk-csh (#1987) * Adding-when-statement-for-assigning-instance (#1990) * Adding-when-statement-for-assigning-instance * Adding-check-prior-to-assigning-resources * Adding-check-prior-to-assigning-resources * Adding-region-to-aws-cli-command * Print-protected-resource * Adding-resource-type-definition * Resolved-conflicts * Removing-empty-line * Disabling-assigning-instance-to-restore-testing-plan --------- Co-authored-by: Matej Stajduhar <[email protected]> * Matching-2.x-and-devel-branches (#1999) Co-authored-by: Matej Stajduhar <[email protected]> * Adding-aws-ses-role (#2003) * Adding-aws-ses-role * Removing-python-script * Changing-domain-name * Using-variable-for-domain-name --------- Co-authored-by: Matej Stajduhar <[email protected]> * Resolving-conflicts (#2015) Co-authored-by: Matej Stajduhar <[email protected]> * Resolving-conflicts (#2018) Co-authored-by: Matej Stajduhar <[email protected]> * Updating nginx ssl le roles pr 2.x (#2021) * Updating-nginx-SSL-LE-roles * Updating-nginx-vars * r70260 Option to ignore false-positive shared memory segment warnings (#2023) * Adding-wazuh-ossec-from-enigma00a (#2027) * Updating-gitlab-runner-env (#2031) * r70987-decom-vpn-guest (#2034) * r70797 nodhcp module in system role for hetzner cloud systems (#2036) * r70797 nodhcp module in system role for hetzner cloud systems * fix syntax * r70797 set pipefail to resolve linting failure * fix pipefail with bash (#2038) * fix var in templ (#2040) * R70928 adding webroot option for le ssl task and fixing looping over domains pr 2.x (#2042) * r70928-adding-webroot-option-for-LE-SSL-task-and-fixing-looping-over-domains * Changing-LE-cron * Changing-script-from-sh-to-bash --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating-local-ossec-rules (#2045) * Updating-local-ossec-rules * Fixing-syntax * Updating-wazuh-vars (#2048) * Updating-wazuh-vars * Changing-var-defaults * Removing-wrong-variables * r70260-rkhunter-tested-good-tweaks (#2051) * Fixing-LE-renew-timer (#2052) Co-authored-by: Matej Stajduhar <[email protected]> * R70260 rkhunter tweak portpathwhitelist pr 2.x (#2055) * r70260-rkhunter-tweak-portpathwhitelist TEST * sanitise portpath items * Updating-system-role-condition (#2056) * Updating system role condition pr 2.x (#2059) * Updating-system-role-condition * Updating-system-role-condition-v2 * r71121-tweak-nohetznerdhcp-condition (#2061) * Changing-aws-acl-when-statement (#2063) Co-authored-by: Matej Stajduhar <[email protected]> * R71127 r71052 check pr 2.x (#2073) * r71127-r71052-attemt-to-workaround-elb-module-change-or-bug * debug alb issue * revert changes as the bug is outside of ce-provision https://github.com/ansible-collections/amazon.aws/issues/2376 * Newer aws collection test pr 2.x (#2077) * newer_aws_collection_test * 8.2.1 didnt work, back to 8.0.1 * r71171-efs-client-upgrade (#2079) * Turning-off-ami-cleanup-task (#2083) Co-authored-by: Matej Stajduhar <[email protected]> * Changing subnet for rds pr 2.x (#2087) * Changing-subnet-for-RDS * Uncommenting-tasks --------- Co-authored-by: Matej Stajduhar <[email protected]> * fix(debian/duplicity): Fix missing compilation dependencies (#2029) * fix(php-fpm): Set a good process children default for bigger servers (#1895) * fix(php-fpm): Set a good process children default for bigger servers * Fix min max logic * formatting * Fixing-RDS-backup-validation (#2089) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-postfix-default-transport-maps (#2092) * Updated lambda backup validation reporting pr 2.x (#2099) * Updated-lambda-backup-validation-reporting * Updating-docs * Updating-lambda-handler * Adding-region-to-cloudwatch-task * Trimming-version-number-from-lambda * Fixing-text-manipulation * Updating-arn-for-cloudwatch-task --------- Co-authored-by: Matej Stajduhar <[email protected]> * Bug fixes 2.x pr 2.x (#2096) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Grouping systemd timer tasks together. * Exposing ce-provision version in build output. * Wrong variable in meta role for controller username. * Removing any reference to _aws variables in debian role defaults. * Setting more sane ASG defaults. * Making ClamAV timers a list so they can be entirely replaced. * Spacing fix for linting. * Renaming npm module. * Removing NGINX installation as part of phpMyAdmin role by default. * Fixing Varnish handler names. * Excluding name[casing] rule from linting due to false positives. * Put rule in wrong place! * Removing lock file behaviour from ASGs as it cannot work unless controller and ASG are in the same VPC. * Capturing lock file limitations in comment. * Updating documentation for LE. * Using pip to install certbot plugins. * Updating README docs. * Docs error corrected. * Working around deprecated SSH algorithms. * Upgrading SSH key type standard for controller and deploy users. * Adding SCP args for legacy mode needed by Packer. * Adding an extra when clause to ACM SAN cert check. * Trying different approach to ACM SAN cert check. * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Avoiding-backup-restoration-for-dev-env (#2108) Co-authored-by: Matej Stajduhar <[email protected]> * Updating-nodejs-to-nodistro (#2094) * Updating-nodejs-to-nodistro * Fixing-nodejs-unattended-upgrades * r71344-Updating-aws-acl-role (#2111) Co-authored-by: Matej Stajduhar <[email protected]> * r71344-Updating-aws-acl-role (#2112) * r71344-Updating-aws-acl-role * Adding-option-to-avoid-recreating-ACLs * Updating-aws-acl-vars * Updating-aws-acl-vars-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Fixing-non-utf8-item (#2116) Co-authored-by: Matej Stajduhar <[email protected]> * Fixing non utf8 item pr 2.x (#2117) * Fixing-non-utf8-item * Changing-var-name-for-when-condition --------- Co-authored-by: Matej Stajduhar <[email protected]> * Fixing-utf8 (#2129) * Fixing utf8-2.x (#2131) * Fixing-utf8 * Adding-debug * Changing-lambda-creation-from-tip-file-to-s3 (#2122) * Changing-lambda-creation-from-tip-file-to-s3 * Fixing-syntax-error * indentation-fix * Finishing-backup-valdation-role --------- Co-authored-by: Matej Stajduhar <[email protected]> * Updating email notification title pr 2.x (#2140) * Updating-email-notification-title * Resolving-conflicts * Resolving-conflicts-2 --------- Co-authored-by: Matej Stajduhar <[email protected]> * Adding-defaults-to-max-children (#2141) * Adding defaults to max children pr 2.x (#2144) * Adding-defaults-to-max-children * Updating-max-children * Updating-php-defaults (#2145) * Updating php defaults pr 2.x (#2147) * Updating-php-defaults * Updating-php-defaults * Updating-php-defaults * efs_version_fix_for_old_debian_workaround (#2151) * fix(duplicity): Fix file name of include/exclude list (#2152) * Bug fixes 2.x pr 2.x (#2120) * Removing /bin/which from rkhunter defaults, it isn't present in Debian 11. * RDS param group module has changed name. * Adding passlib to libraries installed for ce-provision. * Adding in valid path for 'which' to rkhunter. * Catching up documentation. * Catching up documentation. * Making user creation optional and home directories a variable. * Missed passing new home var to task. * Fixing firewall.bash deletion issues. * Getting rid of accidental extra braces. * Simplifying usernames so you only need to set one var. * Docs update and making Ansible installation via _init an option. * Variable path error. * Updating linter ignore paths. * Making the NGINX test result var private. * Documentation update. * Fixing role dependency in NGINX role. * Adding installation path handling for Galaxy collections. * Removing -p option due to unexpected ill effects for role paths. * Moving X-Content-Type-Options header to project type templates. * Adding some inline documentation. * Fixing Postfix template to allow external relays. * Adding a FQDN postfix transport map. * Updating CI to 2.x. * Defending against missing Ansible. * Making the ce-provision-config branch in CI dynamic. * We do not want a 'ce-dev provision' because it breaks our controller. * Reverting 'ce-dev provision' change. * Trying a different ansible_facts var. * Testing using the source branch in ce-dev. * Setting max_childen to an integer to avoid CI issues. * Trying to change the python interpreter used. * Adding platform and cgroup values to ce-dev compose template. * Trying latest ubuntu containers in GitHub Actions. * Fixing the test.sh script to work with venvs. * Documentation for PHP in CI. * Adding GitLab test back in. * Fixing role namespaces. * Minor bug fixes to ce-provision installer. * Testing installing ce-provision in the GitHub Actions container directly. * Using the submitted install script as well. * Trying as runner user. * Trying to use the ce-dev base container. * Updating key name. * Suppressing systemd actions in Docker. * Seems Ansible flags have changed. * Still trying to get --extra-vars right! * Catching Ansible Galaxy upgrade timers for docker containers. * Trying to force --roles-path for Galaxy. * Trying different quotes. * Missed a line. * Trying a different approach to passing vars. * Adding some debug. * Running ce-python debug first. * Trying moving to the ce-provision directory. * Checking the specific path to galaxy roles in ce-provision. * Trying as controller user again. * Trying to make the roles dir. * Being consistent about paths in bash. * Removing debug lines for now. * Allowing script to skip iptables. * Misnamed flag. * Adding user_provision role to configure controller user. * Wrapping cleanup so it doesn't break GitHub Actions. * Completing variables for user_provisin. * Missed the sudoers var. * Quoting vars. * GitLab installer needs _domain_name. * Logic error in clean-up script. * Fixing paths to ce-provision in container. * Trying to fix CI perms issues. * Git dubious ownership error. * Git dubious ownership error. * Running the web server test as the controller user. * Missed a controller var. * Commenting out the CE container to test. * Adding a separate step for Git actions. * Need sudo for Ubuntu. * Using a volume to persist data between steps. * Adding debug commands to test volumes. * Tweaking volumes. * Adding the checkout command back in. * Trying a different approach. * ls command looks good, so putting web build back in. * More Ansible Galaxy debug. * Trying to make ansible-galaxy detect installed roles. * Run galaxy command as controller. * Trying galaxy command and cd wrapped in su. * Specifically checking the contents of galaxy/roles. * Trying a double-tap install process. * Quick refactor and debug of SSH. * Adding OpenSSH server package. * Checking for a firewall. * Checking listening packages. * Starting SSHD especially. * Starting SSHD without systemd. * Pre-empting config a bit more. * More galaxy path debug. * Running a find to see if we can find the missing roles. * More verbosity. * Checking for missing requirements file. * Removing eroneous when clause. * Tidying up redundant debug lines. * Creating a separate ci.yml play targeting localhost. * Making sure sshd is running. * Tidying up GitLab CI file and installing SSHD. * Installing SSHD as a separate step. * SSHD already installed, starting it instead. * Don't create systemd timers in containers. * Preparing a test GitLab build. * Making builds nightly and fixing GitLab role bug. * Ensuring is_local var exists and making lock behaviour optional. * Fixing location and owner of Blackfire config so it is configurable. * Documentation update. * Removing all is defined checks for is_local since it is now always defined. * Letting GitLab know it's on Docker earlier. * Trying to run runsvdir-start to avoid container freezing. * Temporarily skipping reconfigure of GitLab to test the rest. * Trying to move GitLab reconfigure commands to CI. * Fixing service namespace for runner and reinstating GitLab tasks. * Trying to get config script working for GitLab in CI. * No systemd, do not try to restart gitlab-runner. * Removing firewall role from CI GitLab test, don't need it and it breaks CI. * Outputting PostGreSQL logs to see if there are errors. * Outputting PostGreSQL logs to see if there are errors. * Trying the config script for GitLab again. * Suppressing extra GitLab config for CI runs. * Setting Blackfire CLI defaults to use ce-dev user. * Update .wikis2pages.yml * Nightly builds (#2153) * Create ce-provision-test-nightly.yml * Remove nightly check from GitLab test. * Remove nightly check from web server test. * Removing branch references. * Updating installer config branch to 2.x * Removing config branch, default is fine now * Updating-wazuh-template (#2154) * Updating le template (#2156) * Updating-le-template * Updating-le-template * Reworking-nodejs-for-older-versions (#2157) * Reworking nodejs for older versions pr 2.x (#2159) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Reworking nodejs for older versions pr 2.x (#2160) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Fixing-nodejs-syntax * Tweaking-apt-types-nodejs * Reworking nodejs for older versions pr 2.x (#2161) * Reworking-nodejs-for-older-versions * Reworking-nodejs-for-older-versions * Fixing-nodejs-syntax * Tweaking-apt-types-nodejs * Separating-node-tasks-for-older-node * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Publish docs pr 2.x (#2164) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Adding more debug to try to find where 1.x is coming from. * Moving the hugo script check. * More debug. * Moving the config.toml debug line. * Checking the entire disk for 2.x. * Trying a find instead of a grep. * Trying to update ce-provision and ce-deploy. * Getting more debug info. * Adding --verbose to Ansible. * Trying running Hugo directly. * Changed the Hugo start script. * Trying just running 'hugo' in the right directory. * Adding ce-deploy back in with option to not run Hugo. * Updating docs to make _Sidebar.md lose the starting slash. * Publish docs pr 2.x (#2166) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Adding more debug to try to find where 1.x is coming from. * Moving the hugo script check. * More debug. * Moving the config.toml debug line. * Checking the entire disk for 2.x. * Trying a find instead of a grep. * Trying to update ce-provision and ce-deploy. * Getting more debug info. * Adding --verbose to Ansible. * Trying running Hugo directly. * Changed the Hugo start script. * Trying just running 'hugo' in the right directory. * Adding ce-deploy back in with option to not run Hugo. * Updating docs to make _Sidebar.md lose the starting slash. * Changing sidebar paths didn't fix Hugo. * Re-removing opening slash to fix Hugo. * Fixing Sidebar merge issues. * Publish docs pr 2.x (#2168) * Altering workflow in GitHub Actions for building wiki2pages files. * Attempting to set a hosts file for Ansible in CI. * Trying to force Ansible host. * Trying to force Ansible host. * Trying with an inventory file instead. * Running Ansible as the 'ce-dev' user. * Fixing path to playbook. * Disabling host key checking. * Disabling host checking in SSH. * Trying to use ce-dev user instead of root. * Fixing path to scripts. * Adding some debug lines to check playbooks. * Fixing workspace volume mount point. * Trying a whole new /build location. * Setting permissions on mounted disk. * Checking ce-dev dir contents. * Changing mount point to not destroy ce-dev files. * Commenting permissions line. * Fixing playbook paths. * Outputting hosts and SSH config for debug. * Checking SSH settings. * Manually creating authorized_keys. * Fixing path to set-current. * Refactoring SSH set-up and looking at set-current script. * Trying to fix mount point. * Updating paths to generated docs. * Trying to pass in path to wiki2pages. * Removing obsolete debug line. * Correcting path to script. * Changing path we execute from. * Adding first pass at docs publish step. * Repairing working dir paths. * Incorrect repo path. * Removing most of the debug lines. * Catching up devel. (#2163) * Bug fixes 2.x pr 2.x (#1395) * Improving AWS subnet docs. * Error in timers structure in the SSL role. * Removing obsolete backports requirements. * Allow the billing role to access Sustainability information. * Missing comma in IAM billing policy. * Removing broken GitLab Runner code. * Fixed the include_role task in gitlab_runner. * Suppressing a failure if there is no system pip to call. * Logic error in Ansible installer username, needs to be set from calling role. * ansible_user is a reserved variable, seems to be causing issues. * _ansible_ANYTHING is reserved, using _install_username instead. * python_boto role also needs the username set in the calling role. * Updating python_boto docs. * Making profile.d loading more robust. * Also pip removing ansible-core and trying with pip and pip3 to cover all bases. * Updating bad AWS SG role var namespacing in other roles. * Refactoring how we handle python3-pip. * Allow passing in of the Python interpreter to Ansible. * Updating the packages server for CE. * Installing Ansible in a venv on all machines. * Changing common_base format for readability. * No need to specify Python to the point release. * Docs update. * Fixing LDAP SSL to use systemd timer. * Allowing different systemd timer names for different Ansible installs. * Fixing dynamic key name in ansible role. * Trying to debug missing timer_command var. * Treating the timer string so it becomes a dict. * Moving default log location for clamav. * Updating ClamAV docs. * Ansible install perms pr 2.x (#1398) * 2.x (#1363) * Devel 2.x (#1216) * R62347 fix postfix mail delivery pr devel (#791) * GitHub Actions - Rebuilt documentation. * Need to check if is_local is defined in webserver meta dependencies. (#522) * Ce dev refactor pr 1.x (#518) * Making it easier to test with provision-target and ce-dev. * Moving the provision forcing var back to plays so _init has it. * Adding defaults vars and test script extra options. * Adding a web server test to CI. * examples string needs to be in quotes. * Making sure is_local and _ce_provision_force_play are available to the _init role. * Adding SSH keys to the provision user. * Adding a --force to the test script. * Explicitly adding vars to role. * Fixing _init behaviour and adding SSH key for web role. * Setting default PHP version to 7.4. * Looking up the generated ce-dev SSH key instead of hard-coding one. * We cannot run the ssh_server role locally, so excluding for tests of webserver role. * Trying to remove user_root.yml in case it's breaking CI. * Adding a verbose mode to the test script. * Exposing the command in the test script. * Trying hard-coded keys again. * Changing location of data dir for test containers. * Putting vars back and restricting CI to the 'web' example. * Adding backup handling to ldap_server. (#525) * Adding backup handling to ldap_server. * Improving SSL docs and handling perms for openldap and letsencrypt. * Cron user must be specified with file. * Running as root, do not need a 'sudo' in this cron. * Allowing 'gitLab' to disable Prometheus. (#530) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * GitHub Actions - Rebuilt documentation. (#526) Co-authored-by: Code Enigma CI <[email protected]> * Prometheus pr 1.x (#533) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Add private files support for Drupal in Nginx. (#535) * Prometheus pr 1.x (#539) * Allowing 'gitLab' to disable Prometheus. * Booleans to use in jinja2 as strings must be cast as strings. * Tidying up CI and adding a GitLab test. * Fixing CI job description. * Adding a firewall config preset to open port 80 for LetsEncrypt. * Removing our unused ClamAV roles and adding a Galaxy role to common base. (#541) * Revert "Moving OSSEC pkill to use process_manager role instead. (#258)" (#544) This reverts commit 73c7bd0adb1105436e484fe794182c915b2d25dd. * Moving key servers to a variable so we can set them. (#555) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Adding a reboot option to the patching role. (#557) * Add minimal support for Aurora RDS instances (#567) * Attempt to create an RDS read replica. * Use new task to create Aurora RDS instances. * Try and fix linting issues. * Don't pass max_storage variable for Aurora instances. * Remove more storage related vars from Aurora RDS instance creation task. * Add profile and region to read replica creation. * Try creating the Aurora read replica another way. * Add some debug info. * Work around the silly registering of variables in Ansible. * Rename an RDS CloudWatch task for Aurora DBs and remove RDS debug info. * Add some Aurora info to aws_rds README file. * Use reader instead of replica for Aurora readers. * Remove db_cluster_identifier variable from non-Aurora RDS task. * Gpg servers fix pr 1.x (#571) * Moving key servers to a variable so we can set them. * Allowing us to disable sending keys completely. * Oops, doubled up on existing functionality. * Fixing var name. * Using a pipe to grep with 'command' cannot work, refactoring. * Making CI use the meta deploy role to test gitlab. * We mustn't assume AWS servers for deploy and controller. * Support termination protection in EC2. (#573) * Support termination protection in EC2. * Fixing CI vars. * Fixing CI vars. * Fix managed SSL key perms and the variable used for the private key. (#575) * Ec2 subnet lookup pr 1.x (#583) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Ec2 subnet lookup pr 1.x (#589) * First pass at EC2 subnet detection. * Touching subnet file to ensure it exists. * Trying a different approach, file module didn't work. * Switching back to file module. * We need to create the directory for new servers too. * Bad variable name. * Changing subnet lookup order to check for defined subnet first. * Fixing gitlab-runner overriders so upgrades do not break the runner. (#586) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Gitlab runner service override pr 1.x (#591) * Fixing gitlab-runner overriders so upgrades do not break the runner. * Fixing override file template. * Hopefully fixing CI. * Making sure the service directory exists. * We cannot use the deploy meta role in CI because of LDAP. * Changing dir perms and adding a force. * Debugging gitlab-runner directory creation issues in CI. * Fixing linting error. * Removing verbosity again but leaving 'stat' command in. * Pass db_cluster_identifier for RDS instance during ASG build (#600) * Pass RDS db_cluster_identifier, if present, during an ASG build. * Use correct variable name for RDS db_cluster_identifier. * Add a commented variable to ASG role for db_cluster_identifier so it's documented. * Also pass in the aurora_reader var from the ASG role when including the aws_rds role. (#605) * Removing obsolete MySQL config option log_syslog from template. (#607) * GitHub Actions - Rebuilt documentation. (#536) Co-authored-by: Code Enigma CI <[email protected]> * Consistent default region pr 1.x (#611) * Moving all region settings to _aws_region var and adding README update. * Documentation update. * No need for region, IAM SAML setup is global, (#617) * Support ebs encryption pr 1.x (#609) * Adding volume encryption and type options plus a bit more flexibility on EBS control for EC2. * Setting more sane default instance sizes. * Adding more EBS options for ASGs. * Setting encryption to match AMI settings. * Setting encryption to match AMI settings. * We also need to dynamically set the ASGs own encrypt_boot var. * We need to merge the new branch changes before we can rebuild the docs. * Fixing merge command in CI. * Not sure toc.sh is actually executing. * Refactoring encrypt EBS flags to avoid detected loop condition in vars. * Safer CI, only adds .md files. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying to figure out CI logic for building docs. * Trying adding a git pull. * Setting git pull config options. * Reordering things. * Adding --allow-unrelated-histories to the git pull. * Trying a feature branch approach. * Forcing the GitHub action to fetch all git history. * Bad whitespace, naughty whitespace. * Trying a different PR action. * Do not merge the branch in, we only want the markdown changes. * Keeping the documentation branch clean. * We need to push a detached HEAD. * Do we need the checkout at all? * Adding a docs pull. * Allow install|update scripts in Drupal8+ (#599) * Add some flexibility to Packer (#633) * Add ability to pass on-error and force to Packer. * Add new Packer options to the ASG role as well. * Packer build options need to be declared before the file that is being built. * Allow Packer ssh_username to be set. * Making PHP >= 8.0 compatible (#634) * Packer VPC filtering (#638) * Add ability to set vpc_filter and subnet AZ for Packer builds. * Add fqcn-builtins to .ansible-lint warn_list for now. * GitHub Actions seemingly ignores warn_list. * Use simplified variables for Packer VPC stuff. * Only use one filter when filtering VPCs for Packer. * Cert management pr 1.x (#640) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Cert management pr 1.x (#642) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * Cert management pr 1.x (#644) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Cert management pr 1.x (#647) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Fix Nginx auth_message in vhost (#653) * Revert auth_message change in Nginx role for now. * Revert "Revert auth_message change in Nginx role for now." This reverts commit d030e4c628728ab553a0f5687497cf566bcd1179. * Add default for Nginx auth_message. * Cert management pr 1.x (#655) * Making sure we can't accidentally commit AWS API credentials. * Initial commit of ACM role. * Only pause for a get-certificate call if we want to export. * Updating docs. * Missed a couple of variables to update. * We cannot rely on the variable being nonexistent here. * Allowing ce-provision to set the basic auth message for Nginx. * Supporting SAN certs and tags on ACM certificates. * Fixing namespacing. * Auto-generating SSL certs for ALB and CloudFront. * More namespace fixes. * Fixing CI issue with missing AWS region var. * Reinstating replace_batch_size for ASGs to see if it speeds up infra builds. * Adding public IP option to LC config for ASGs. * Refactoring ACM domain handling so we can create DNS entries for each SAN domain. * Fixing mistake in domains set_fact. * Fixing AnsibleUndefined bug caused by skipped task. * Handling multiple domain validations for SAN certs. * Fixing bad variable name. * Fixing ASG DNS entries so it adds entries for SAN cert domains too. * For DNS validation we should not use --domain-validation-options at all. * Writing over the aws_acm.extra_domains var didn't work, setting a new var instead. * Bad dict structure. * Improving multi domain handling for ASG DNS. * Supporting multiple CloudFront aliases for an ASG. * Adding options to disable sign-up, sign-in and private projects. (#663) * Making ALB healthchecks optional and defaulting to disabled. (#670) * Making ALB healthchecks optional and defaulting to disabled. * Defaulting back to ELB health checks. * Remove alb healthchecks pr 1.x (#673) …
- Loading branch information
26 people
authored
Jan 8, 2025
1 parent
800a817
commit 5c935e4