Skip to content

1.23.0
Compare
Choose a tag to compare
@nodiscc nodiscc released this 09 Mar 00:29
· 220 commits to master since this release
1.23.0
d6ebe9f
This commit was signed with the committer’s verified signature.
nodiscc nodiscc
GPG key ID: 067FC4266A4B6909
Verified
Learn about vigilant mode.

v1.23.0 - 2024-04-09

Upgrade procedure:

  • xsrv self-upgrade to upgrade the xsrv script
  • xsrv upgrade to upgrade roles/ansible environments to the latest release
  • monitoring_netdata: netdata_log_to_syslog, netdata_disable_debug_log, netdata_disable_error_log, netdata_disable_access_log variables are no longer used and can be removed from your configuration, if you changed them from the defaults (xsrv edit-host/edit-group)
  • monitoring_rsyslog: if rsyslog_enable_forwarding is set to yes in your host/group variables (xsrv edit-host/edit-group), set rsyslog_forward_to_inventory_hostname to the inventory hostname of the syslog/graylog server receiving the logs
  • graylog: under Inputs, edit all syslog/TLS inputs to use the new paths for TLS cert file: /etc/ssl/syslog/ca.crt, TLS private key: /etc/ssl/syslog/ca.key, TLS client auth trusted certs: /etc/ssl/syslog/ca.crt. You may also delete data/certificates/*-graylog-ca.crt files in your project directory since they are no longer used.
  • xsrv deploy to apply changes

Added:

  • xsrv: add scan command (scan a project directory for cleartext secrets/passwords using trivy)
  • xsrv: add show-groups command (list all groups a host is a member of)
  • monitoring_rsyslog: allow receiving logs from syslog clients over the network on port 514/tcp (rsyslog_enable_receive: no/yes)

Removed:

  • monitoring_netdata: remove configuration variables netdata_log_to_syslog, netdata_disable_debug_log, netdata_disable_error_log, netdata_disable_access_log

Changed:

  • gitea_act_runner: disable automatic nightly prune of podman images/containers by default gitea_act_runner_daily_podman_prune: no/yes
  • monitoring_netdata: send all logs to systemd-journald, except access log
  • monitoring_netdata: disable machine learning/anomaly detection functionality when streaming to a parent node (when netdata_streaming_send_enabled is enabled)
  • shaarli: allow setting the default view mode when using the stack template (shaarli_stack_default_ui: small/medium/large), change the default to medium
  • monitoring_rsyslog/graylog: setup mutual TLS authentication between syslog clients and server, sign server and client certificates with server CA certificate - rsyslog_forward_to_inventory_hostname is now required on rsyslog clients
  • common: apt: enable non-free-firmware section when apt_enable_nonfree: yes [1]
  • gitea: update to v1.21.7 [1] [2]
  • nextcloud: upgrade to v28.0.3 [1] [2]
  • shaarli: update stack template to v0.7 [1] [2]
  • matrix: update synapse-admin to v0.9.1
  • matrix: update element-web to v1.11.59 [1] [2]
  • xsrv: update ansible to v9.3.0
  • cleanup: standardize task names, remove files from old versions of the roles, use community.crypto.x509_certificate instead of deprecated openssl_certificate modules
  • update documentation, add Gitea/Github Actions example for secret scanning, add graylog backup restoration procedure
  • improve automatic tests

Fixed:

  • monitoring_netdata/rsyslog: fix netdata logs no longer being appended to syslog
  • shaarli: fix stack theme favicon not being displayed
  • postgresql: fix role execution when called with rsyslog ansible tag

Full changes since v1.22.0

Assets 2
Loading