-
Notifications
You must be signed in to change notification settings - Fork 16
/
CHANGELOG
502 lines (399 loc) · 19.9 KB
/
CHANGELOG
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
* Fri Dec 13 2024 Steven Pritchard <[email protected]> - 7.6.0
- Add EL9 support
* Fri Sep 13 2024 Steven Pritchard <[email protected]> - 7.5.0
- [puppetsync] Update module dependencies to support simp-iptables 7.x
* Wed Oct 11 2023 Steven Pritchard <[email protected]> - 7.4.0
- [puppetsync] Updates for Puppet 8
- These updates may include the following:
- Update Gemfile
- Add support for Puppet 8
- Drop support for Puppet 6
- Update module dependencies
* Thu Sep 07 2023 Steven Pritchard <[email protected]> - 7.3.0
- Add AlmaLinux 8 support
* Mon Jun 12 2023 Chris Tessmer <[email protected]> - 7.2.0
- Add RockyLinux 8 support
* Tue Jul 06 2021 Trevor Vaughan <[email protected]> - 7.1.0
- Fixed
- Ensure that all file resources that manage more than permissions have an
'ensure' attribute - See PUP-7599
- Changed
- Moved the 'magic' file into an EPP template to work better with Bolt
* Wed Jun 16 2021 Chris Tessmer <[email protected]> - 7.1.0
- Removed support for Puppet 5
- Ensured support for Puppet 7 in requirements and stdlib
* Fri Feb 26 2021 Liz Nemsick <[email protected]> - 7.0.2
- Use systemd to reload/restart the httpd service.
- Expanded simp/rsyslog dependendency range to < 9.0.0.
* Wed Jan 13 2021 Chris Tessmer <[email protected]> - 7.0.2
- Removed EL6 from supported OSes
* Thu Nov 05 2020 Trevor Vaughan <[email protected]> - 7.0.1-0
- Default to only TLS1.2
* Thu Jan 16 2020 Jeanne Greulich <[email protected]> - 7.0.0-0
- Update Puppet module to support EL8
- Remove deprecated Puppet 3 API functions:
- apache_auth: replaced by simp_apache::auth
- apache_limits: replaced by simp_apache::limits
- munge_httpd_networks: replaced by simp_apache::munge_httpd_networks
- Update the upper bound of simp-simplib to < 5.0.0
* Wed Jul 24 2019 Trevor Vaughan <[email protected]> - 6.2.0-0
- Split out service management into a `simp_apache::service` class
- Provide users with a Hiera-driveable option to not manage the service
- Add REFERENCE.md
* Wed Jul 17 2019 Robert Vincent <[email protected]> - 6.2.0-0
- Ensure that the simp_apache::munge_httpd_networks does not attempt to modify
passed parameters.
* Thu Jun 06 2019 Steven Pritchard <[email protected]> - 6.2.0-0
- Add v2 compliance_markup data
- Drop support for Puppet 4
- Add support for Puppet 6
- Add support for puppetlabs-stdlib 6
* Mon Mar 25 2019 Jim Anderson <[email protected]> - 6.1.3-0
- Added command to force purging of the conf/ and conf.d/ folders in
/etc/httpd.
* Thu Mar 21 2019 Joseph Sharkey <[email protected]> - 6.1.2-0
- Removed unnecessary bracketize function
* Wed Feb 13 2019 Liz Nemsick <[email protected]> - 6.1.1-0
- Use simplib::passgen() in lieu of passgen(), a deprecated simplib
Puppet 3 function.
- Use simplib::nets2cidr in simp_apache::munge_httpd_networks in
in lieu of nets2cidr(), a deprecated simplib Puppet 3 function.
- Use simplib::ipaddresses in lieu of ipaddresses(), a deprecated
simplib Puppet 3 function.
- Update the upper bound of stdlib to < 6.0.0
- Update a URL in the README.md
* Fri Oct 12 2018 Nick Miller <[email protected]> - 6.1.0-0
- Added $package_ensure parameters to simp_apache::install
- $httpd_ensure $mod_ldap_ensure $mod_ssl_ensure
- Changed the package from 'latest' to 'installed'
- Each ensure parameter will also respect `simp_options::package_ensure`
- Update badges and contribution guide URL in README.md
* Fri Sep 07 2018 Liz Nemsick <[email protected]> - 6.1.0-0
- Drop Hiera 4 support
* Wed Sep 05 2018 Nicholas Markowski <[email protected]> - 6.1.0-0
- Updated $app_pki_external_source to accept any string. This matches the functionality
of pki::copy.
* Tue Jul 17 2018 Trevor Vaughan <[email protected]> - 6.1.0-0
- Support for Puppet5/OEL
- fixed htaccess tests for Gitlab
* Thu Jun 14 2018 Nick Miller <[email protected]> - 6.0.2-0
- Update systemd fixtures and CI assets
- Update version range of auditd dependency in metadata.json
* Mon Apr 16 2018 Jeanne Greulich <[email protected]> - 6.0.2-0
- set owned to simp_apache::user instead of simp_apache group on
configuration files.
- remove simpcat as dependency
- cleaned up fixtures file
* Thu Jun 22 2017 Liz Nemsick <[email protected]> - 6.0.1-0
- Create namespaced, Puppet 4 versions of externally-used Puppet 3
functions and mark the Puppet 3 functions as deprecated. They will
be removed in a later release.
- apache_auth should be replaced with simp_apache::auth
- apache_limits should be replaced with simp_apache::limits
- munge_httpd_networks should be replaced with simp_apache::munge_httpd_networks
- Update puppet requirement and remove OBE pe requirement in metadata.json
* Mon Jan 23 2017 Nick Miller <[email protected]> - 6.0.0-0
- Fixed dependency logic with mod_ldap to not install it on CentOS 7
- Rsyslog calls no longer include implied logic
- Rsync now calls the correct share
* Tue Jan 17 2017 Nick Markowski <[email protected]> - 6.0.0-0
- simp_apache::site now includes simp_apache
* Tue Jan 10 2017 Nick Markowski <[email protected]> - 6.0.0-0
- Updated pki scheme
- Application certs are managed in /etc/pki/simp_apps/simp_apache/x509
* Fri Dec 30 2016 Nick Miller <[email protected]> - 6.0.0-0
- Renamed `add_site` to `site`
- Strongly typed module
- Updated module assets
- Wrote a basic class acceptance test
* Wed Dec 07 2016 Nick Markowski <[email protected]> - 6.0.0-0
- Updated catalysts to take defaults from simp_options
* Thu Dec 01 2016 Trevor Vaughan <[email protected]> - 6.0.0-0
- Updated to use the environment-aware rsync in SIMP 6
* Thu Dec 01 2016 Nicholas Hughes, Nick Markowski <[email protected]> - 5.0.1-0
- Prevent log duplication and log where intended
- Changed naming to XX_ or YY_ to come before the default Z_default.conf
for local rules, but after the numbered configs used by the log_server
class.
* Wed Nov 23 2016 Jeanne Greulich <[email protected]> - 5.0.0-0
- update requirement versions
* Fri Nov 18 2016 Chris Tessmer <[email protected]> - 5.0.0-0
- Updated to compliance_markup version 2
* Wed Nov 16 2016 Liz Nemsick <[email protected]> - 5.0.0-0
- Updated iptables dependency version
* Fri Nov 11 2016 Liz Nemsick <[email protected]> - 5.0.0-0
- Fixed bug in which htaccess type would fail to compile as it
required 'sha1' instead of 'digest/sha1'
- Fixed bug in which htaccess provider dropped the first line
of an existing htaccess file, when that line did not contain
the Puppet-management warning comment.
- Eliminated use of deprecated Puppet.newtype
* Fri Sep 30 2016 Trevor Vaughan <[email protected]> - 5.0.0-0
- Deconflict with the puppetlabs-apache module and move to the name
'simp_apache'
* Wed Sep 28 2016 Chris Tessmer <[email protected]> - 4.1.6-0
- Fix Forge `haveged` dependency name
* Tue Jul 19 2016 Lucas Yamanishi <[email protected]> - 4.1.5-0
- Add default Require to apache_limits() output
* Thu Jun 30 2016 Nick Markowski <[email protected]> - 4.1.4-0
- Haveged included by default for entropy generation.
* Sun May 22 2016 Trevor Vaughan <[email protected]> - 4.1.3-0
- Ensure that PKI certificates that are downloaded without using simp::pki are
copied recursively.
* Thu Apr 14 2016 Trevor Vaughan <[email protected]> - 4.1.2-0
- Ensure that the munge_httpd_networks array is flattened on return. This is a
Ruby 1.9 compatiblity issue.
* Sat Mar 19 2016 Trevor Vaughan <[email protected]> - 4.1.1-0
- Migrated use_simp_pki to a global catalyst.
* Tue Mar 01 2016 Ralph Wright <[email protected]> - 4.1.0-21
- Added compliance function support
* Tue Jan 26 2016 Chris Tessmer <[email protected]> - 4.1.0-20
- Normalized common static module assets
* Thu Jan 07 2016 Trevor Vaughan <[email protected]> - 4.1.0-19
- Updated to correct some ordering issues.
* Thu Nov 12 2015 Trevor Vaughan <[email protected]> - 4.1.0-18
- Updated to switch from 'lsb*' facts to 'operatingsystem*' facts for
environments that don't install the LSB packages.
* Mon Nov 09 2015 Chris Tessmer <[email protected]> - 4.1.0-17
- migration to simplib and simpcat (lib/ only)
* Thu Feb 19 2015 Trevor Vaughan <[email protected]> - 4.1.0-16
- Migrated to the new 'simp' environment.
* Fri Jan 16 2015 Trevor Vaughan <[email protected]> - 4.1.0-15
- Changed puppet-server requirement to puppet
* Mon Dec 15 2014 Kendall Moore <[email protected]> - 4.1.0-14
- Updated the templates to use mod_version instead of custom apache_version fact.
- Ensure that mod_ldap in installed by default on TC versions > 5.0.
- Properly scoped all custom function definitions.
* Thu Dec 04 2014 Trevor Vaughan <[email protected]> - 4.1.0-13
- Updated to properly handle the SSL protocols in Apache. We now add a
+ if one is warranted and just keep the entry if it starts with a +
a minus or is 'all'.
* Fri Oct 17 2014 Trevor Vaughan <[email protected]> - 4.1.0-12
- CVE-2014-3566: Updated protocols to mitigate POODLE.
* Mon Sep 08 2014 Trevor Vaughan <[email protected]> 4.1.0-11
- Properly confined the apache_version fact.
- Updated the apache::validate hash to not include booleans. They are
not allowed on the left hand side of the comparison hash.
* Tue Aug 26 2014 Kendall Moore <[email protected]> - 4.1.0-10
- Fixed the apache_version fact to return unkown when Apache is not installed.
* Tue Jul 29 2014 Trevor Vaughan <[email protected]> - 4.1.0-9
- Fix munge_httpd_networks
- Updated to use /var/www for SIMP>=5
* Mon Jul 21 2014 Trevor Vaughan <[email protected]> - 4.1.0-9
- Updated munge_httpd_networks to strip out entries that are blank or
nil.
* Mon Jun 23 2014 Trevor Vaughan <[email protected]> - 4.1.0-8
- Fixed SELinux check for when selinux_current_mode is not found.
- RHEL7 compatiblity updates
- Added a fact, 'apache_version', to allow for minute differences
between the 2.2 and 2.4 versions of Apache
* Sun Jun 22 2014 Kendall Moore <[email protected]> - 4.1.0-8
- Removed MD5 file checksums for FIPS compliance.
* Fri Jun 13 2014 Nick Markowski <[email protected]> - 4.1.0-7
- Unbound apache package from service to fix ordering in bootstrap
* Fri May 16 2014 Kendall Moore <[email protected]> - 4.1.0-6
- Updated cipher set in SSL to be an array instead of a string.
* Wed Apr 30 2014 Trevor Vaughan <[email protected]> - 4.1.0-5
- Removed all references to $::primary_ipaddress and replaced them with a
collection of all local IP addresses in the ERB files.
* Tue Apr 29 2014 Nick Markowski <[email protected]> - 4.1.0-5
- Updated apache_limits required directives from core to mod_authnz_ldap,
by changing Require user/group "foo" to Require ldap-user/group foo.
* Mon Apr 14 2014 Trevor Vaughan <[email protected]> - 4.1.0-4
- Removed the ks and yum sites and moved them into the simp module.
- Removed the runpuppet templated and moved it into the simp module.
* Fri Apr 04 2014 Nick Markowski <[email protected]> - 4.1.0-4
- Selinux booleans now set if mode != disabled
* Wed Mar 19 2014 Trevor Vaughan <[email protected]> - 4.1.0-3
- Removed the apache_syslog script and replaced all calls with calls
to logger for scalability.
- Updated the munge_httpd_networks function to call nets2cidr where appropriate
and accept pretty much everything else since Apache can take so many
different options.
- Removed the broken PKI copy code and call the new pki::copy define.
* Fri Mar 14 2014 Trevor Vaughan <[email protected]> - 4.1.0-2
- Re-added the ability to have Apache log via syslog directly.
- Removed the passgen template and replaced it with a call to the
passgen function.
* Wed Feb 12 2014 Trevor Vaughan <[email protected]> - 4.1.0-1
- Ensure that apache::conf::allowroot defaults to ['127.0.0.1','::1']
- Small amounts of cleanup to start complying with the PL coding standards.
- Added management of the $data_dir (/srv/www) to the ::apache class.
This removes it from floating in the manifests space.
- Modified the apache restart script to do a reload and then restart
if that fails. This should ensure minimal downtime of all running
apps.
- Updated the runpuppet script to ensure that the clients will
properly use the new variables and that servers can kick other
servers.
- Update to runpuppet to ensure that the first run of puppet has a waitforcert
to allow for manual certificate signing. Submission from Lab76.org.
* Thu Jan 09 2014 Trevor Vaughan <[email protected]> - 4.1.0-1
- Updated the runpuppet init script such that it will remain on the
system but in a completely disabled state.
* Tue Nov 12 2013 Trevor Vaughan <[email protected]> - 4.1.0-0
- Restructured the entire apache module to be hiera friendly.
- Eliminated all singleton defines.
- Added the ability to use a custom PKI source and not use the SIMP
source.
- Added toggles for all SIMP specific items.
* Thu Oct 03 2013 Kendall Moore <[email protected]> - 4.0.0-14
- Updated all erb templates to properly scope variables.
* Wed Oct 02 2013 Trevor Vaughan <[email protected]> - 4.0.0-14
- Use versioncmp for all version comparisons.
* Wed Sep 11 2013 Trevor Vaughan <[email protected]> - 4.0-13
- Added an apache::validate class that currently supports the apache_auth
material but could be used to hold other values.
- Added an apache_limits function which takes a hash of options and returns a
formatted set of 'Limit' statements suitable for direct insertion into an
Apache configuration.
- Added an apache_auth function which takes a hash of options and returns a
formatted segment of Apache auth sections. Currently supports 'file'
(htpasswd) and 'ldap'.
* Thu May 02 2013 Trevor Vaughan <[email protected]>
4.0-12
- Work performed jointly with Kendall Moore <[email protected]>
- Named properly switches between chroot and non-chroot versions based on
whether or not SELinux is enforcing.
* Mon Feb 25 2013 Maintenance
4.0-12
- Added a call to $::rsync_timeout to the rsync call since it is now required.
* Wed Feb 20 2013 Maintenance
4.0-11
- Updated the ssl.conf and httpd.conf templates because function calls require
an argument of an array rather than allowing for single string arguments.
* Fri Jan 04 2013 Maintenance
4.0-10
- Added a custom function 'munge_httpd_networks' that will accept an array, or
string, and return an array of translated network addresses. At this time,
the only translation is from 0.0.0.0* to 'ALL' since apache really doesn't
like 0.0.0.0/0.
* Mon Oct 22 2012 Maintenance
4.0-9
- Updated the runpuppet script to not log remotely during the puppet
runs so that large numbers of spawning client won't kill the master.
* Wed Oct 03 2012 Maintenance
4.0.0-8
- Added a sleep statement after the reboot in the runpuppet script to
keep it other startup scripts from continuing.
* Thu Jul 05 2012 Maintenance
4.0.0-7
- Cleaned up the yum and ks templates.
- Added the Option +Indexes to the yum and ks configurations. This allows for
browsing of the yum repositories which is important for virt-manager and
other kickstart utilities.
* Thu Jun 07 2012 Maintenance
4.0.0-6
- Ensure that Arrays in templates are flattened.
- Call facts as instance variables.
- Moved mit-tests to /usr/share/simp...
- Updated to work with IPv6 addresses.
- Updated pp files to better meet Puppet's recommended style guide.
* Fri Mar 02 2012 Maintenance
4.0.0-5
- Improved test stubs.
* Mon Feb 13 2012 Maintenance
4.0-4
- Added the ability for the apache user to be in multiple groups.
* Fri Dec 23 2011 Maintenance
4.0-3
- Added an initial set of tests.
- Scoped all of the top level variables.
- Modified the runpuppet template so that it properly detects the system's
status as a master.
- Replaced instances of 'ipaddress' with 'primary_ipaddress'
* Sat Nov 19 2011 Maintenance
4.0-2
- Moved the 'domain' entries after the ip addresses so that DNS lookups would
happen last.
* Fri Aug 12 2011 Maintenance
4.0-1
- Added support for a variable 'ks_ntp_servers' which will override the
'ntp_servers' variable from vars.pp inside of runpuppet.erb.
- Ensure that the '-b' option is passed to ntpdate in runpuppet.erb.
* Tue Jul 12 2011 Maintenance
4.0-0
- Added a variable $runpuppet_print_stats to runpuppet.erb that will enable
--evaltrace and --summarize if set to 'true'.
- Updated the htaccess type to properly work with Puppet >= 2.6
- Made some RHEL6 specific compatibilty changes.
- Added additional tags to the puppet runs in runpuppet.
* Mon Apr 18 2011 Maintenance - 2.0.0-3
- Changed puppet://$puppet_server/ to puppet:///
- The dhcp module now expects to have an associated rsync space that is
password protected.
- Added comments to apache::ssl::setup to note that users will need to manage
their own service restarts if they use alternate certificates.
- Ensure that apache restarts if any part of the certificte space is changed.
- Additional options have been added to the SSL configuration for flexibility.
- Removed Ganglia related material.
- Remove welcome.conf on the systems.
- Updated to use syslog by default.
* Fri Feb 04 2011 Maintenance - 2.0.0-2
- Changed all instances of defined(Class['foo']) to defined('foo') per the
directions from the Puppet mailing list.
- Bug fix in the puppet_passenger template to ensure that PassengerMaxPoolSize
is not set to 0 and also accounts for other units coming back from Facter.
- Converted to using rsync native type
2.0.0-1
- Added 'Allow from' to ganglia site template.
- Updated default values for number of passenger instances
- Updated default values for MaxClients and ServerLimit
- Updated runpuppet to use --no-splay
- Updated default value of purge in httpd_conf to false
* Tue Jan 11 2011 Maintenance
2.0.0-0
- Refactored for SIMP-2.0.0-alpha release
* Fri Jan 7 2011 Maintenance - 1.0-6
- Now ensure that the apache rsync does *not* delete the underlying files. This
turned out to be a poor initial design decision.
- Fixed bug that causes the apache rsync space to never be retrieved.
- Updated passenger template to use correct rubylib path
- Added a httpd_conf $purge variable that translates into whether or not to
remove anything that we don't have in rsync.
* Wed Jan 5 2011 Maintenance - 2.0.0
- Updated for the simp 2.0.0-alpha release
- Fixed bug causing apache rsync space to never be retrieved.
* Mon Dec 6 2010 Maintenance - 1.0-5
- Added the ability to modify the main user/group that apache runs as.
The group of all component files is still set to 'apache' so you'll need to
take that into account when you configure your site files.
- Added Ganglia Site
* Thu Oct 28 2010 Maintenance - 1.0-4
- Modified puppet_mongrel template to use revocation file.
* Tue Oct 26 2010 Maintenance - 1.0-3
- Converting all spec files to check for directories prior to copy.
* Thu Aug 12 2010 Maintenance
1.0-2
- runpuppet.erb now redirects all output to the log file and runs in verbose mode.
* Wed Jul 21 2010 Maintenance
1.0-1
- More refactoring.
* Wed Jun 02 2010 Maintenance
1.0-0
- CRLs now work properly.
- Passenger listens on 8140 and 8141 by default.
- Improved puppet_passenger template.
- Now point the certs in the mongrel and passenger templates at the local CA
certs, not the CA server certs.
- Code refactor.
* Thu Apr 29 2010 Maintenance
0.1-24
- Changed operatingsystemrelease to lsbmajdistrelease since RHEL5.5 shows as 5.5 and not 5.
* Wed Mar 17 2010 Maintenance
0.1-23
- Added a small sleep to the apache restart that prevents a race condition
caused by calling 'service httpd restart' just after 'service httpd stop'
* Thu Jan 28 2010 Maintenance
0.1-22
- Fixed a bug with the format of the puppet command variable in runpuppet.
- The script now executes cleanly out of the box.
* Thu Jan 14 2010 Maintenance
0.1-21
- Added 'TraceEnable off' to the default httpd.conf.
* Tue Dec 15 2009 Maintenance
0.1-20
- Add a yum clean all prior to running the puppetd run in runpuppet.
* Thu Nov 05 2009 Maintenance
0.1-19
- Prevent the runpuppet script from printing diff information to the logs.