This document shows the latest changes to the LogoDIDACT server software.

Important

Make a backup before updating.

Example: make backup
root@ldhost:~ # ldsnapshot daily_bk1
Example: update
root@puppeteer:~ # ldupdate

2021-03-03

ld-ldap-server

1.3.210226-1

  • FIX: Made restart of Pykota service more reliable.

ld-mobile

4.78+6

  • JRE dependency is no longer managed via the package but via Puppet.

Note

For further details, please refer to Relution changelog http://repo.relution.io/docs/4.78/relution-changelog/changelog.html

ld-print-server

1.1.210222-1

  • NEW: New configuration for quota printing.

  • UPDATE: Adapted to current LDAP settings.

ld-puppet10

1.3.22-12

  • hiera:

    • ctrl-g1:

      • FIX: Simplify openjdk restart ld-control-service(-user-sync) logic.

    • ldmobile-g1:

      • UPDATE: Use java 11, remove 8.

      • FIX: Restart on ld_openjdk changes.

  • ld_openjdk:

    • FIX: Ensure that tls1.1 is enabled.

1.3.22-9

  • common:

    • UPDATE: Unify output/processing of hiera defined users via pwgen_sys_usrs.

  • ld_kopano:

    • NEW: Allow defining the spreed webmeeting TURN server via webapp configuration:

      • PLUGIN_SPREEDWEBRTC_TURN_AUTHENTICATION_PASSWORD

      • PLUGIN_SPREEDWEBRTC_TURN_AUTHENTICATION_URL

      • PLUGIN_SPREEDWEBRTC_TURN_AUTHENTICATION_USER

      • PLUGIN_SPREEDWEBRTC_TURN_USE_KOPANO_SERVICE

1.3.22-8

  • ld_legacy:

    • FIX: Allow pykota-admin user to write all pykota attributes.

1.3.22-7

  • ld_kopano:

    • UPDATE: Reduce log verbosity of kopano components:

      • server to 3 (warning or worse)

      • presence to 3 (warning or worse)

  • ld_pydio:

    • FIX: Use bind dn/pw too.

ld-puppet50

5.0.56-9

  • common:

    • UPDATE: Unify output/processing of hiera defined users via pwgen_sys_usrs.

  • hiera:

    • ctrl-g1:

      • FIX: Simplify openjdk restart ld-control-service(-user-sync) logic.

    • ldmobile-g1:

      • UPDATE: Use java 11, remove 8.

      • FIX: Restart on ld_openjdk changes.

  • ld_kopano:

    • NEW: Allow defining the spreed webmeeting TURN server via webapp configuration:

      • PLUGIN_SPREEDWEBRTC_TURN_AUTHENTICATION_PASSWORD

      • PLUGIN_SPREEDWEBRTC_TURN_AUTHENTICATION_URL

      • PLUGIN_SPREEDWEBRTC_TURN_AUTHENTICATION_USER

      • PLUGIN_SPREEDWEBRTC_TURN_USE_KOPANO_SERVICE

    • UPDATE: Reduce log verbosity of kopano components:

      • server to 3 (warning or worse)

      • presence to 3 (warning or worse)

  • ld_legacy:

    • FIX: Allow pykota-admin user to write all pykota attributes.

  • ld_openjdk:

    • FIX: Ensure that tls1.1 is enabled.

  • ld_pydio:

    • FIX: Use bind dn/pw too.

ld-site-itb

1.5.210226-1

  • UPDATE: If control center is installed, a corresponding message is displayed when editing device list.

2021-03-01

ld-autoconf

2

  • NEW: Added Linux compatibility

  • NEW: Added WLAN with PSK for Linux

  • NEW: Added AirServer role

  • UPDATE: Added frequency parameter for display settings

ld-control-center

44.1

  • NEW: Only assign autoconfRoles to OS if type exists in meta systems. Closes: 2552

  • FIX: set default value defined in role yaml. Fix: 2575

ld-control-service

43.1

  • AutoConf

    • NEW: Added System List (WINDOWS, LINUX) to AutoconfRole.

ld-deploy-agent

73

  • NEW: Added autoconf support for linux images

  • NEW: Changed panel to include online driver archives metadata

  • UPDATE: Added improvements for network reconnections

  • UPDATE: Added improvements for network interface queries

  • UPDATE: Added retry and timeout handling for domain joins

  • UPDATE: Changed websocket reconnection handling

  • FIX: Fixed printer handling for unremovable printers

  • FIX: Fixed chocolatey exit code handling

  • FIX: Fixed http client not following redirects

  • FIX: Fixed panel crash during tray icon processing

ld-mobile

4.78+2

Note

Switch to JRE 11. For further details, please refer to Relution changelog http://repo.relution.io/docs/4.78/relution-changelog/changelog.html

ld-webconsole-replication

1.0.3

  • UPDATE: Handling of special characters in password added.

2021-02-05

ld-deploy-agent

72.2

  • FIX: Fixed printer spooler not running when installing printers.

ld-win-tools

5

  • NEW: Display position can be set.

  • FIX: Resolution is set more reliably.

2021-02-03

ld-deploy-agent

72.1

  • FIX: Fixed printer install for multi-printer environments.

  • FIX: Fixed removal of printers during reinstallation.

ld-nextcloud

20.0.7

ld-puppet10

1.3.22-6

  • 3part.d:

    • nexus3_rest:

      • FIX: Enforce nuget v2 for proxy repos on creation

ld-puppet50

5.0.56-8

  • 3part.d:

    • nexus3_rest:

      • FIX: Enforce nuget v2 for proxy repos on creation.

2021-02-01

ld-puppet10

1.3.22-5

  • common:

    • UPDATE: More generalized node name options for feature inclusion: the following suffixes are removed: -[gcln]\d+

  • xibo17:

    • FIX: Using ldap bind dn and password now.

1.3.22-4

  • ld_legacy:

    • NEW: Allow defining additional attributes for ldap-ro via hiera key ld_legacy::ldap::ldap_ro_atts, defaults to (ldObjectType and ldRole).

    • UPDATE: Allow overwriting of sealed attributes.

    • FIX: Use currently used openldap uid/gid from logosrv.

    • FIX: Correct acl for ldap-ro (ou=users to ou=services).

  • ld_mobile:

    • UPDATE: Improve ldap tester to search for admin, requesting ldObjectType and ldRole.

  • profile:

    • ad-sync-g1:

      • FIX: Double deep merge dynamic/static configuration.

ld-puppet50

5.0.56-5

  • ld-base:

    • FIX: Correct installation of hp tools on physical machines.

  • ld_legacy:

    • UPDATE: Allow overwriting of sealed attributes.

  • ld_mobile:

    • UPDATE: Improve ldap tester to search for admin, requesting ldObjectType and ldRole.

  • rev-proxy:

    • FIX: Correct module metadata.

    • FIX: Correct datatype and typo in module hiera

  • xibo17:

    • FIX: Using ldap bind dn and password now.

5.0.56-4

  • ld_legacy:

    • NEW: Allow defining additional attributes for ldap-ro via hiera key ld_legacy::ldap::ldap_ro_atts, defaults to (ldObjectType and ldRole).

    • UPDATE: Allow overwriting of sealed attributes.

    • FIX: Use currently used openldap uid/gid from logosrv.

    • FIX: Correct acl for ldap-ro (ou=users to ou=services).

  • profile:

    • ad-sync-g1:

      • FIX: Double deep merge dynamic/static configuration.

  • site.d:

    • regioit-sgt(-vw)

      • FIX: Fix configuration for intern interface on ldhost.

zabbix-agent

5.2.4-1

Note

For further details, please refer to Zabbix changelog https://www.zabbix.com/de/rn/rn5.2.4

2021-01-28

ld-azure-sync

7.3.1

  • Teams:

    • UPDATE: By default, only the meeting organizer has the 'presenter' role (previously all participants had it).

    • UPDATE: By default, only the meeting organizer can bypass the lobby.

7.3

  • UPDATE: Will turn a class group into a team the moment it has an owner. Previously waited for a teacher to own the group. Now unmanaged owners are accepted.

2021-01-27

ld-puppet10

1.3.22-3

  • doc.d:

    • NEW: vmware/phys_for_logosrv_a_ldhost:

      • Add sample for vmware configuration variant phys for ldhost/logosrv instead of switching via openvswitch.

  • ld_legacy:

    • UPDATE: Don’t panic if no "intern" interface on ldhost is configured, avoiding ldap configuration then.

    • UPDATE: If we can’t configure ldap assume a ldinfo message, and let prun execute ldinfo after puppet agent run.

    • FIX: Fix typo in username of ldap-ro.

    • FIX: Allow access to ld ldap attributes from localhost.

  • ld_moodle:

    • FIX: Use ldap bind pw/dn for authentication.

1.3.22-2

  • ld_nextcloud:

    • FIX: Remove now unsupported install parameter database-table-prefix.

1.3.22-1

  • ld_nextcloud:

    • UPDATE: Work around non-uniqueness of accounts.

ld-puppet50

5.0.56-3

  • doc.d:

    • NEW: vmware/phys_for_logosrv_a_ldhost:

      • Add sample for vmware configuration variant phys for ldhost/logosrv instead of switching via openvswitch.

  • ld_legacy:

    • UPDATE: Don’t panic if no "intern" interface on ldhost is configured, avoiding ldap configuration then.

    • UPDATE: If we can’t configure ldap assume a ldinfo message, and let prun execute ldinfo after puppet agent run.

    • FIX: Fix typo in username of ldap-ro.

    • FIX: Allow access to ld ldap attributes from localhost.

  • ld_moodle:

    • FIX: Use ldap bind pw/dn for authentication.

5.0.56-2

  • ld_nextcloud:

    • FIX: Remove now unsupported install parameter database-table-prefix.

5.0.56-1

  • ld_nextcloud:

    • UPDATE: Work around non-uniqueness of accounts.

sudo

1.8.16-0ubuntu1.10

  • Backport from xenial.

  • SECURITY UPDATE: dir existence issue via sudoedit race

    • debian/patches/CVE-2021-23239.patch: fix potential directory existing info leak in sudoedit in src/sudo_edit.c.

    • CVE-2021-23239

  • SECURITY UPDATE: heap-based buffer overflow

    • debian/patches/CVE-2021-3156-pre1.patch: check lock record size in plugins/sudoers/timestamp.c.

    • debian/patches/CVE-2021-3156-pre2.patch: sanity check size when converting the first record to TS_LOCKEXCL in plugins/sudoers/timestamp.c.

    • debian/patches/CVE-2021-3156-1.patch: reset valid_flags to MODE_NONINTERACTIVE for sudoedit in src/parse_args.c.

    • debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in plugin in plugins/sudoers/policy.c.

    • debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow when unescaping backslashes in plugins/sudoers/sudoers.c.

    • debian/patches/CVE-2021-3156-4.patch: fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL in plugins/sudoers/timestamp.c.

    • debian/patches/CVE-2021-3156-5.patch: don’t assume that argv is allocated as a single flat buffer in src/parse_args.c.

    • CVE-2021-3156

2021-01-25

ld-autoconf

1

  • NEW: All official Ansible playbooks migrated.

ld-choco-install

5

  • UPDATE: Chocolatey Core Extensions 1.3.5.1.

ld-control-center

44

  • NEW: Can set deployAction with forceRestart. Closes: 2414

  • NEW: Delete PrinterProperties settings file. Closes: 1748

  • NEW: DeployInformation in Status and Node Devices table. Closes: 2433

  • NEW: DriverBlocklists in driverCatalog group. Closes: 2438, 2485

  • NEW: Keep focus in search fields. Closes: 2373

  • NEW: PrinterStatus. Closes: 2383

  • NEW: Show text for suspended skus. Closes: 2441

  • NEW: Show userRole in azure user table. Closes: 2304

  • NEW: SoftwareStatus. Closes: 2384

  • NEW: enableChecksumMatching for softwareCatalog. Closes: 2425

  • UPDATE: Edit Hardware ID of driver fct in expertmode. Closes: 2475

  • UPDATE: Info Text for driverBlocklist. Closes: 2473

  • UPDATE: LocalBootMethod and AutoConf Reload in Expertmode. Closes: 2448

  • UPDATE: Validation of Configurations. Closes: 2447

  • UPDATE: stopOnAutoconfRoleError,stopOnPrinterError, stopOnSoftwareError in respective catalog. Closes: 2493

  • FIX: AddModals lock swipe gesture. Closes: 2367

  • FIX: Change driver name of printerDriver. Closes: 2396

  • FIX: Close DeployAt datepicker, delete date. Closes: 2451

  • FIX: Min service version check with developer version. Closes: 2445

  • FIX: Remove AzureSync and Domain. Closes: 2457

  • FIX: Set DeployAction as expected, set current deployAction as selected in dialog. Closes: 2464

  • FIX: Type Error after changing autoconf roles. Closes: 2450

43

  • NEW: Choco Package Parameters in SoftwareCatalog program. Closes: 2245

  • NEW: Add DriverCatalog. Closes: 2298

  • NEW: Implement autoconfStatus. Closes: 2315

  • NEW: Extended Deployment settings (stopOnAutoconfRoleError,stopOnPrinterError, stopOnSoftwareError) for imageCatalog. Closes: 2236

  • NEW: Replace Ansible with AutoConf. Closes: 2321

  • NEW: Column selection for assigned azure users. Closes: 2305

  • NEW: Show assigned azure license and teamsPolicyPackages in assigned table. Closes: 2306

  • UPDATE: AzureLogs show INFO Level by default. Closes: 2303

  • FIX: Hide local boot method if you are not in expertmode. Closes: 2299

ld-control-service

43

  • AutoConf

    • NEW: Added AutoconfPhase with AutoconfStatus per AutoconfRole

    • UPDATE: Changed Roles from Ansible to Autoconf (incl. path)

    • UPDATE: Renamed Ansible Tables to Autoconf

    • UPDATE: Renamed Ansible Entities, Repositories and EntityListeners to Autoconf

    • UPDATE: Changed all REST Calls (including findBys) from ../ansible.. to ../autoconf..

    • UPDATE: Removed Ansible Inventory, AnsibleController, AnsibleStatus

    • UPDATE: Removed ansibleOverSshOnWindows from HostStatus

    • UPDATE: Removed ExtendedHttpStatus LD_ANSIBLE_IGNORABLE_ERROR (234)

  • Central Validation

    • NEW: Added GraalVM JS Engine for executing Java Script

    • NEW: Added gradle command to minify validation js-files into one validation.js

    • NEW: Added validation for Host Cns + EventHandler

    • NEW: Added validation for Node Cns + EventHandler

    • NEW: Added Encoding/Decoding of node cn and host cn to IDN

    • NEW: Added validation for all Catalogs (exclude DriverCatalog) + EventHandlers

    • NEW: Added validation of Domain in AzureSyncData (call in BasePathAwareController)

    • UPDATE: Upgrade Gradle 5.6 ⇒ 6.4.1

    • UPDATE: Updated validation for all Catalogs

    • UPDATE: Updated validation for Domain in AzureSyncData

    • UPDATE: Expanded validation of forbidden/reserved Names for host|node|user|group

  • CustomCatalogs:

    • NEW: Added CustomSoftwareCatalog containing chocolatey and proxy properties

    • NEW: Added CustomPrinterCatalog containing printer properties (incl. default)

    • NEW: Added CustomAutoconfCatalog containing AutoconfRuntimes

    • NEW: Added CustomDriverCatalog containing DriverGroup id and LinkedDrivers

    • NEW: Added CustomCatalogController with get calls for all CustomCatalogs

  • Debian

    • FIX: Create user ld-control-service in postinst only if non existent

  • Deploy

    • NEW: Default LocalBootMethod in application.properties

    • UPDATE: Added field ForceRestart to DeployStatus, for immediate deploy

    • UPDATE: Added LocalBootMethod GRUB for BIOS

  • Driver:

    • NEW: Added DriverCatalog with DriverGroups

    • NEW: Added LinkedDrivers containing Driver and Facts

    • NEW: Added Repositories and EntityListeners

    • NEW: Modified PrePersist Events to Overwrite existing Entities

    • NEW: Added DriverBlocklist for driver exclusion in deploy

    • FIX: Delete driver from Nexus after driver delete in service

  • Printer

    • NEW: Added PrinterPhase with Installed, Enabled and Default PrinterStatus

    • NEW: Added REST Delete Call for deleting of PrinterProperties File

    • FIX: Duplicated Metadata in PrinterDriver after changing Driver Zip (Bug 2241)

    • FIX: Deleting defaultPrinter Relation in PrinterGroup after removing default printer

    • FIX: Removing unnecessary backslash from printer_driver and printer_properties url

  • Security

    • FIX: Preventing MacSecurity Spam with temporary List of blocked Macs

  • Software

    • NEW: Added SoftwarePhase with SoftwareStatus per Software

    • NEW: Added (stopOn) Parameters for Deployment Stop on Printer|Software|Autoconf Error

    • UPDATE: Added field type to SoftwareStatus

    • UPDATE: Changed default Value for stopOn Parameters to true

  • User Management

    • NEW: Added UserRole (admin, teacher, student)

    • FIX: findBy|All|ExcludeComputer excludes "ld-sg-" Groups (Group Recursion Fix)

  • Websocket

    • NEW: Added TransactionSync to all EntityListeners to ensure persistence

    • UPDATE: Removed host.json writing from changes of DeployStatus and WimportData

ld-deploy-agent

72

  • NEW: Added Printer Status

  • NEW: Added Software Status

  • NEW: Added forced restarts for reapply and redeploy

  • NEW: Added driver block list implementation

  • NEW: Added copying dism error log on failure to Y:

  • UPDATE: Java updated to 11.0.10+6

  • FIX: Fixed autoconf path issues for new images

  • FIX: Fixed persistence for removed drivers within images

  • FIX: Fixed printer install script

ld-deploy-ipxe

1.0.0+201202.182530

  • NEW: Tiny grub for local boot under bios is included.

  • NEW: snponly driver is included.

  • UPDATE: Use the latest iPXE version again.

ld-deploy-linpe

33+201129.010039

  • UPDATE: Fedora 33 on Sun, 29 Nov 2020 01:00:39 +0100.

ld-deploy-winpe

2004+201129.010928

  • UPDATE: Windows PE 2004 on 2020-11-29 01:09:28+01:00.

ld-lgpo

3.0

  • UPDATE: Updated to version 3.0.

ld-mobile

4.77+1

Note

For further details, please refer to Relution changelog http://repo.relution.io/docs/4.77/relution-changelog/changelog.html

ld-nextcloud

20.0.5

ld-nexus

3.29.2-02

  • UPDATE: Updated to version 3.29.2-02

  • UPDATE: Disk threshold for elasticsearch has been disabled. Closes: 2398.

  • FIX: Documentation property replaced with a valid URL. Closes: 2418.

ld-puppet10

1.3.22

  • common:

    • UPDATE: ldinfo now shows who manages this installation (monitoring).

    • FIX: Port color format bugfixes from p6.

    • Update process:

      • NEW: Now runs puppet-extendca too.

    • NEW: puppet-extendca extends ca now if it expires in/under 365 days.

    • UPDATE: Remove legacy icinga2 code: ld_ctrl, ld_rproxy, ld_rembo, ld_squid.

    • Upgrade process:

      • NEW: Translating custom configuration for ctrl-g1 into new format

      • NEW: Pregenerate an azure syncid (saved in deploy.yaml)

      • UPDATE: Removing deprecated unused settings for ansible from ctrl-g1 configuration.

  • hiera.d

    • ctrl-g1:

      • NEW: Adding autoconf nginx location.

    • kopano-g1:

      • FIX: Avoid boolify of 'off' value for proxy_redirect setting in webmeeting.

  • ld_acmetool:

    • FIX: Enforcing acme v2 api (Closes: 2399).

  • ld_base

    • NEW: added packages:

      • byobu

      • ca-certificates

      • ncdu

      • tmux

    • NEW: removed packages:

      • ca-certificates-mono

    • NEW: Adding any repository (should contain packages for all dists).

    • UPDATE: Moving tools/packages for physical machines (hp tools as example) from ld_icinga2 here.

    • UPDATE: Because puppetserver is now available for focal, use focal for p7 puppeteer-g3 now.

    • FIX: Avoiding uid/gid clash if suroot is activated.

    • FIX: Deploy a changed addusers.conf/login.defs to avoid clashes with default logosrv user ids (SYS_UID_MAX⇒799, SYS_GID_MAX⇒500)

    • FIX: To avoid uid/gid clash with suroot feature:

      • Use 800 for uid and gid.

      • Enforce /home/suroot (recursive) owned by uid/gid 800/800.

  • ld_ca:

    • FIX: Let anybody read public/chain/intermediate certificates, not only root and the cfssl group.

  • ld_ctrl:

    • UPDATE: Remove icinga2 code.

    • UPDATE: Replace ld-ansible with ld-autoconf package.

  • ld_kopano:

    • NEW: Using hiera_hash to lookup packages allowing to un/non-install packages (Closes: 2247).

    • FIX: Install python3-dnspython/flask so that kopano-presence works again (Closes: 2273).

  • ld_legacy:

    • NEW: Managing LDAP server in logosrv from puppet now too with following effects/traits:

      • Enforce strict acl on who can view, or even access, what: everyone, authenticated and special accounts.

        • Reducing ldap content visibility for normal users to basic attributes.

        • Hide some dn trees and objects from non-eligible accounts/anonymous.

        • Restrict write access for ldap-admin coming from logosrv (main ip, localhost).

        • Hiding attributes and objectclasses.

        • For compatibility reasons, allow anonymous read access from logosrv itself to normal attributes and objects.

      • Separate ldap-admin and "Directory Manager"

        • ldap-admin, allowing via acl write access to all normal attributes

        • "Directory Manager", full write/read to everything without even checking any acl.

      • slapd backend:

        • Increase bdb locks (lockers, locks, objects) from 1500 to 5000.

        • Increase bdb raw page cache from 20M to 128M.

      • Separate ldap-admin ⇐⇒ directory manager (latter doesn’t get anything acl checked).

      • Creating a ldap-ro user, and save password in logosrv under /etc/ldap.ro.secret.

      • To avoid overlapping with historic logosrv tools, slapd now uses /etc/ldap/slapd.puppet.conf as its configuration (via etc/default/slapd).

      • Creating logins for external services.

      • Reindex ldap (making gz backup at root/.runner/ldap_backup) on configuration change just in case.

    • UPDATE: Move rpc-server.conf definition into ld_legacy, which allows now sharing code between instances that use this service (rembo5/7, samba, ldhost, logosrv).

    • FIX: Switching customer short/longname in logosrv ldinfo display.

    • FIX: Disable tty2 event handler.

    • FIX: Don’t try to install ld-deploy-windows-tools on each run.

    • FIX: Respect non default servernet networks in rpc-server configuration.

  • ld_mobile:

    • NEW: LD Mobile Portal branding activated.

    • NEW: Add script 'relution-ldap-test' to help testing multi orga installations configurations.

    • UPDATE: Remove historic helper scripts.

  • ld_network:

    • NEW: Deploy internal network configuration at /opt/puppet-cm/network.yaml for debugging.

    • NEW: Extended get_ip function to return different formats/kinds of ip information.

    • NEW: transform_netmap now stringifies some results and adds cidr notation to puppet structures.

  • ld_nextcloud:

    • UPDATE: Enforce disabled password change via nextcloud.

    • UPDATE: Removing unneeded package version of php packages.

    • FIX: Restart/start apache after nextcloud installer has run.

    • FIX: Protect packaged configuration directory via htaccess too.

  • ld_puppet:

    • Remove files matching /var/log/apache2/*.gz after 8 weeks.

  • ld_squid:

    • UPDATE: Porting ld_squid::common from 6.x branch.

  • ld_zabbix:

    • NEW: Add ldinfo information with state of monitoring activation.

    • NEW: Setup zabbix agent only if we get a psk.

    • UPDATE: Replace deprecated configuration EnableRemoteCommands.

  • profile:

    • ad_sync:

      • NEW: Adding:

        • syncid from configuration

        • customer short and long name

      • NEW: Enable usage of syncid for multi orga/single tenant mode via custom.d/ad-sync-g1.yaml: 'profile::host::ad_sync::enable_sync_id: true'

      • UPDATE: Remove AzureRootGroup setting

ld-puppet50

5.0.56

  • common:

    • UPDATE: ldinfo now shows who manages this installation (monitoring).

    • UPDATE: Use dig44 to avoid deprecation warning.

    • FIX: Port color format bugfixes from p6.

    • Upgrade process:

      • NEW: Translating custom configuration for ctrl-g1 into new format

      • UPDATE: Removing deprecated unused settings for ansible from ctrl-g1 configuration.

  • hiera.d

    • ctrl-g1:

      • NEW: Adding autoconf nginx location.

    • kopano-g1:

      • FIX: Avoid boolify of 'off' value for proxy_redirect setting in webmeeting.

  • ld_acmetool:

    • FIX: Enforcing acme v2 api (Closes: 2399).

  • ld_base

    • NEW: added packages:

      • byobu

      • ca-certificates

      • edac-utils

      • ncdu

      • tmux

    • NEW: removed packages:

      • ca-certificates-mono

    • NEW: Adding any repository (should contain packages for all dists).

    • UPDATE: Moving tools/packages for physical machines (hp tools as example) from ld_icinga2 here.

    • UPDATE: Because puppetserver is now available for focal, use focal for p7 puppeteer-g3 now.

    • FIX: Avoiding uid/gid clash if suroot is activated.

    • FIX: Deploy a changed addusers.conf/login.defs to avoid clashes with default logosrv user ids (SYS_UID_MAX⇒799, SYS_GID_MAX⇒500)

    • FIX: To avoid uid/gid clash with suroot feature:

      • Use 800 for uid and gid.

      • Enforce /home/suroot (recursive) owned by uid/gid 800/800.

  • ld_ca:

    • FIX: Let anybody read public/chain/intermediate certificates, not only root and the cfssl group.

    • FIX: Enforce correct group of /etc/cfssl directory.

    • FIX: Fix publishing of chain.pem (dashed name).

  • ld_ctrl:

    • UPDATE: Remove icinga2 code.

    • UPDATE: Replace ld-ansible with ld-autoconf package.

  • ld_kopano:

    • NEW: Using hiera_hash to lookup packages allowing to un/non-install packages (Closes: 2247).

    • FIX: Install python3-dnspython/flask so that kopano-presence works again (Closes: 2273).

  • ld_legacy:

    • NEW: Managing LDAP server in logosrv from puppet now too with following effects/traits:

      • Enforce strict acl on who can view, or even access, what: everyone, authenticated and special accounts.

        • Reducing ldap content visibility for normal users to basic attributes.

        • Hide some dn trees and objects from non-eligible accounts/anonymous.

        • Restrict write access for ldap-admin coming from logosrv (main ip, localhost).

        • Hiding attributes and objectclasses.

        • For compatibility reasons, allow anonymous read access from logosrv itself to normal attributes and objects.

      • Separate ldap-admin and "Directory Manager"

        • ldap-admin, allowing via acl write access to all normal attributes

        • "Directory Manager", full write/read to everything without even checking any acl.

      • slapd backend:

        • Increase bdb locks (lockers, locks, objects) from 1500 to 5000.

        • Increase bdb raw page cache from 20M to 128M.

      • Separate ldap-admin ⇐⇒ directory manager (latter doesn’t get anything acl checked).

      • Creating a ldap-ro user, and save password in logosrv under /etc/ldap.ro.secret.

      • To avoid overlapping with historic logosrv tools, slapd now uses /etc/ldap/slapd.puppet.conf as its configuration (via etc/default/slapd).

      • Creating logins for external services.

      • Reindex ldap (making gz backup at root/.runner/ldap_backup) on configuration change just in case.

    • UPDATE: Move rpc-server.conf definition into ld_legacy, which allows now sharing code between instances that use this service (rembo5/7, samba, ldhost, logosrv).

    • FIX: Switching customer short/longname in logosrv ldinfo display.

    • FIX: Disable tty2 event handler.

    • FIX: Don’t try to install ld-deploy-windows-tools on each run.

    • FIX: Respect non default servernet networks in rpc-server configuration.

  • ld_mobile:

    • NEW: LD Mobile Portal branding activated.

    • NEW: Add script 'relution-ldap-test' to help testing multi orga installations configurations.

    • UPDATE: Remove historic helper scripts.

    • UPDATE: Remove icinga2 monitoring configuration.

    • FIX: Correcting ldap searchBase for users and groups from absolute to relative dn (absolute doesn’t work, only for new entries).

    • FIX: Restart service on configuration change.

  • ld_network:

    • NEW: Deploy internal network configuration at /opt/puppet-cm/network.yaml for debugging.

    • NEW: Extended get_ip function to return different formats/kinds of ip information.

    • NEW: transform_netmap now stringifies some results and adds cidr notation to puppet structures.

  • ld_nextcloud:

    • UPDATE: Enforce disabled password change via nextcloud.

    • UPDATE: Removing unneeded package version of php packages.

    • FIX: Restart/start apache after nextcloud installer has run.

    • FIX: Protect packaged configuration directory via htaccess too.

  • ld_squid:

    • UPDATE: Porting ld_squid::common from 6.x branch.

  • ld_zabbix:

    • NEW: Add ldinfo information with state of monitoring activation.

    • NEW: Setup zabbix agent only if we get a psk.

    • UPDATE: Replace deprecated configuration EnableRemoteCommands.

    • UPDATE: Use dig44 to avoid deprecation warning.

  • profile:

    • ad_sync:

      • NEW: Manage GroupFilter.yaml via hiera key 'profile::host::ad_sync::groupfilters' too.

      • NEW: Adding:

        • syncid from configuration

        • customer short and long name

      • NEW: Enable usage of syncid for multi orga/single tenant mode via custom.d/ad-sync-g1.yaml: 'profile::host::ad_sync::enable_sync_id: true'

      • UPDATE: Remove AzureRootGroup setting

ld-reboot

1.0.27

  • FIX: The puppet disabled file is now created for each container.

ld-sysinternals

2021.01.11

  • UPDATE: Updated to Version 2021.01.11.

ld-vc-redist

14.28.29325.2

  • UPDATE: Updated to version 14.28.29325.2.

ld-win-tools

4

  • NEW: Display frequency can be configured.

  • NEW: Display bits per pixel can be configured.

  • UPDATE: Distribute over choco package.

ld-wpad

1.5.201210-1

  • NEW: Added NoProxySite wildcard support.

2021-01-21

ld-puppet10

1.3.21-8

  • ld_base:

    • FIX: PHP now restarts apache service on extensions changes.

1.3.21-7

  • hiera:

    • ssp-g1:

      • FIX: Installs php(version)-mbstring.

  • ld_ssp:

    • FIX: Pin installed php module versions; no cleanup because the self-service package references the generic php-mbstring.

ld-puppet50

5.0.55-9

  • ld_base:

    • FIX: Correct upgrade-packages upgrade:manual handling/detection.

5.0.55-8

  • ld_base:

    • FIX: PHP now restarts apache service on extensions changes.

5.0.55-7

  • 3part.d:

    • php:

      • FIX: Patching to allow specifying a tag in puppet package resource.

  • hiera.d:

    • ssp-g1:

      • FIX: Install mbstring and php modules in specific php version.

  • ld_ssp:

    • FIX: Ensure ordering of php apache config after apache php is installed.

    • FIX: Pin php module versions.

2021-01-13

ld-puppet10

1.3.21-6

  • ld_puppet:

    • FIX: Let prun retrieve the puppeteer ca on each run and do error-proof checking of the ca cert.

1.3.21-5

  • ld_puppet:

    • FIX: prun is no longer aborted if the puppeteer ca certificate is invalid.

1.3.21-4

  • ld_samba:

    • FIX: Service will be restarted after certificate deployment.

1.3.21-3

  • ld_samba:

    • NEW: Use correct network for rpc-server configuration.

ld-puppet50

5.0.55-6

  • ld_puppet:

    • FIX: Let prun retrieve the puppeteer ca on each run and do error-proof checking of the ca cert.

5.0.55-5

  • ld_puppet:

    • FIX: prun is no longer aborted if the puppeteer ca certificate is invalid.

5.0.55-4

  • ld_samba:

    • FIX: Service will be restarted after certificate deployment.

5.0.55-3

  • hiera.d:

    • FIX: Use http repo for postgresql on 14.04 containers.

  • ld_samba:

    • NEW: Use correct network for rpc-server configuration.

2020-12-08

ld-mobile

4.75+1

Note

For further details, please refer to Relution changelog http://repo.relution.io/docs/4.75/relution-changelog/changelog.html

2020-11-27

ld-zabbix-extensions

1.2.0

  • UPDATE: Drop support for facter.

2020-11-24

ld-licensing-agent

1.2.0

  • NEW: Support for proxied environments.

2020-11-17

ld-licensing-agent

1.1.0

  • FIX: Handle multiple licences with same type by date.

2020-11-11

ld-mobile

4.74+1

Note

For further details, please refer to Relution changelog http://repo.relution.io/docs/4.74/relution-changelog/changelog.html

ld-zabbix-extensions

1.1.2

  • UPDATE: Allow to use parameters on licences.

2020-11-10

ld-deploy-ipxe

1.0.0+201109.175101

  • UPDATE: Downgrade to commit ef2c844d01e78723af54b6ca67019fd9fe7f08e4 so that computers in Bielefeld can boot locally.

2020-11-05

ld-control-service

42.14

  • Printer management:

    • FIX: Fixed NullPointer in printer properties (settings) and printer driver (url)

2020-11-02

ld-deploy-ipxe

1.0.0+201030.145850

  • UPDATE: Upstream on Fri, 30 Oct 2020 14:58:50 +0100

  • UPDATE: Will be compiled under focal (Ubuntu 20.04).

ld-puppet10

1.3.21-2

  • ld_mobile:

    • NEW: Restart service on configuration change.

    • UPDATE: Remove icinga2 monitoring configuration.

    • FIX: Correcting ldap searchBase for users and groups from absolute to relative dn (absolute doesn’t work, only for new entries).

  • ld_zabbix:

    • UPDATE: Setup zabbix agent only if we get a psk.

    • UPDATE: Use dig44 to avoid deprecation warning.

1.3.21-1

  • ld_samba4:

    • NEW: Configure rpc-server listen address via puppet now (use ip to avoid dns quirks and dependencies).

ld-puppet50

5.0.55-2

  • ld_samba4:

    • FIX: Use symbolic instead of real package name for referencing rpc-server (ld-com-rpc-server), p5 doesn’t check title AND name like p3.

5.0.55-1

  • ld_samba4:

    • NEW: Configure rpc-server listen address via puppet now (use ip to avoid dns quirks and dependencies).

2020-10-29

ld-control-service

42.13

  • Printer management:

    • NEW: Added changeset for migration of printer_driver and printer_properties table

    • UPDATE: Changed url of printer driver to relative path (printer/driver/…​)

    • UPDATE: Changed url of printer properties to relative path (printer/properties/…​)

2020-10-27

ld-nextcloud

19.0.4-1

  • FIX: Major upgrade check fixed. Allow upgrade without version file.

2020-10-26

ld-nextcloud

19.0.4

ld-puppet10

1.3.21

  • containers:

    • NEW: mariadb105 container:

      • Use ubuntu xenial for new installations.

      • Container mounts /var/lib/lxc.data/mariadb105/mysql for mysql database. The content isn’t tied to the life cycle of the container.

    • UPDATE: unifi container:

      • Use ubuntu xenial for new installations.

    • UPDATE: xibo17 container:

      • Reduce innodb_log_file_size to 5M for compatibility.

  • hiera.d:

    • NEW: fixed.yaml:

      • Add lookup/package proxy infos about LogoDIDACT own mirror system.

    • UPDATE: default.yaml:

      • Configuration from mysql/mariadb host/role merged for simplicity.

  • ld_base:

    • UPDATE: Allows to specify a shortened veth interface name for containers (link name is limited to 15 chars).

  • ld_ca:

    • FIX: Group of /etc/cfssl directory has been corrected.

  • ld_lxc:

    • NEW: Added possibility to remount parts of LXC_DATA to directories in lxc rootfs (e.g. lxc.data/mariadb10/mysql to (RUNNING LXC)/var/lib/mysql).

    • FIX: lxc.hook.network doesn’t complain about unconfigured interfaces if they should go down (e.g. removed interface from hiera config).

  • ld_mobile:

    • NEW: Allows to define multiple ldap connectors via hiera configuration.

    • NEW: Education classes are also built up from project groups.

  • ld_samba:

    • UPDATE: Removing automatic reboot.

    • UPDATE: Removing non default groups addition to ld-sysgroup.

    • FIX: systemd service will be overwritten:

      • Using /var/run/samba/samba.pid for main process detection.

      • Disabling the systemd service from being active when all processes have ended.

      • Changing kill (stop) method so that all processes in the cgroup are affected (KillMode=control-group).

    • FIX: Apply acls for ld-su-domjoin in non default fqdn scenarios too.

  • ld_squid:

    • FIX: Using all instead of 0.0.0.0/0 to silence squid warnings on daily logrotate/reloads/restarts.

  • ld_unifi:

    • NEW: Switch to nginx as reverse proxy:

      • Fast restarts on certificate changes.

      • Restarts only if certificate really changes.

      • No sysv/systemd service patching necessary.

    • NEW: Disable nginx http2 support for now (only supported by 16.04).

    • UPDATE: The non-working and unnecessary patching for correct JAVA_HOME has been removed.

  • sites:

    • NEW: bielefeld:

      • mariadb105 is enabled by default.

ld-puppet50

5.0.55

  • containers:

    • NEW: mariadb105 container:

      • Use ubuntu xenial for new installations.

      • Container mounts /var/lib/lxc.data/mariadb105/mysql for mysql database. The content isn’t tied to the life cycle of the container.

    • UPDATE: unifi container:

      • Use ubuntu xenial for new installations.

    • UPDATE: xibo17 container:

      • Reduce innodb_log_file_size to 5M for compatibility.

  • hiera.d:

    • NEW: fixed.yaml:

      • Add lookup/package proxy infos about LogoDIDACT own mirror system.

    • UPDATE: default.yaml:

      • Configuration from mysql/mariadb host/role merged for simplicity.

  • ld_base:

    • UPDATE: Allows to specify a shortened veth interface name for containers (link name is limited to 15 chars).

  • ld_ca:

    • FIX: Group of /etc/cfssl directory has been corrected.

    • FIX: Fix publishing of chain.pem (dashed name).

  • ld_lxc:

    • NEW: Added possibility to remount parts of LXC_DATA to directories in lxc rootfs (e.g. lxc.data/mariadb10/mysql to (RUNNING LXC)/var/lib/mysql).

    • FIX: lxc.hook.network doesn’t complain about unconfigured interfaces if they should go down (e.g. removed interface from hiera config).

  • ld_mobile:

    • NEW: Allows to define multiple ldap connectors via hiera configuration.

    • NEW: Education classes are also built up from project groups.

  • ld_puppet:

    • UPDATE: Disabling unused mcollective agents on all managed nodes.

    • FIX: Use correct rundir to allow saving pid file without problems.

  • ld_samba:

    • UPDATE: Removing automatic reboot.

    • UPDATE: Removing non default groups addition to ld-sysgroup.

    • FIX: systemd service will be overwritten:

      • Using /var/run/samba/samba.pid for main process detection.

      • Disabling the systemd service from being active when all processes have ended.

      • Changing kill (stop) method so that all processes in the cgroup are affected (KillMode=control-group).

    • FIX: Apply acls for ld-su-domjoin in non default fqdn scenarios too.

  • ld_squid:

    • FIX: Using all instead of 0.0.0.0/0 to silence squid warnings on daily logrotate/reloads/restarts.

  • ld_unifi:

    • NEW: Switch to nginx as reverse proxy:

      • Fast restarts on certificate changes.

      • Restarts only if certificate really changes.

      • No sysv/systemd service patching necessary.

    • NEW: Disable nginx http2 support for now (only supported by 16.04).

    • UPDATE: The non-working and unnecessary patching for correct JAVA_HOME has been removed.

  • ld_zabbix:

    • FIX: Correct usage of dig to obtain zabbix psk key.

  • sites:

    • NEW: bielefeld:

      • mariadb105 is enabled by default.

2020-10-05

ld-mobile

4.72.2+1

Note

For further details, please refer to Relution changelog http://repo.relution.io/docs/4.72.2/relution-changelog/changelog.html

2020-09-30

ld-puppet10

1.3.20-2

  • ld_ctrl:

    • FIX: Avoid using the ip address for nexus and graylog containers

  • ld_nextcloud

    • FIX: Don’t use sudo in systemd timer to execute scripts as www-data (unit is already executed as www-data)

  • ld_samba:

    • FIX: Using internal ca root for tls cafile parameter (backport from 6.x branch)

ld-puppet50

5.0.54-2

  • ld_ctrl:

    • FIX: Avoid using the ip address for nexus and graylog containers

  • ld_nextcloud

    • FIX: Don’t use sudo in systemd timer to execute scripts as www-data (unit is already executed as www-data)

  • ld_samba:

    • FIX: Using internal ca root for tls cafile parameter (backport from 6.x branch)

2020-09-28

Caution

This is a very important update that fixes very serious vulnerabilities in the Samba products used. It is strongly recommended to update to these versions.

Further information can be found on the following websites.

ld-puppet10

1.3.20-1

  • ld_samba:

    • FIX: closing CVE-2020-1472/Zerologon by forcing server schannel usage

ld-puppet50

5.0.54-1

  • ld_samba:

    • FIX: closing CVE-2020-1472/Zerologon by forcing server schannel usage

ld-samba

1.4.200925-1

  • FIX: closing CVE-2020-1472/Zerologon by forcing server schannel usage

ld-site-itb

1.5.200928-1

  • FIX: disables editing of wimport_data when ld-deploy is in use

2020-09-21

ld-azure-sync

7.0

  • UPDATE: Adapted to ld-control-service 42.12+ (API change)

6.3

  • FIX: Same as 6.2. Make sure array is returned in every case

6.2

  • FIX: Fixed rare case when Get-CsBatchPolicyAssignmentOperation returns an array containing a single element

6.1

  • FIX: Correctly get available domains from the tenant

6.0

  • UPDATE: Adapted to new ld-control-service api

  • NEW: ld-control-service (42.8+) authentication:

    • Authentication only possible if ld-control-service supports the current ld-azure-sync version

5.7

  • NEW: Send list of deleted users/groups to ld-control-service, where they can be marked for permanent cleanup (instead of waiting the 30 days)

  • NEW: WebSocket connection to ld-control-service allows to trigger:

    • permanent cleanup of marked deleted entities

    • sync manually

  • NEW: Ensure the primary mail address of a group matches the domain name that was selected in the ld-control-center

  • NEW: Send azure domain info to ld-control-service

5.6

  • NEW: Logs users that will not be converted because they have a DirectoryRole (e.g. company admins, team admins, …​)

ld-base

1.5.200707-1

  • FIX: itbdo commandline fix

ld-baselibs

1.4.200624-1

  • FIX: import_workstation

    • Fixed timing problems on host removal loop

    • Added additionally defined networks to ipsets

ld-control-center

42.4

  • NEW: Projections for performance (sku and teamsPolicy).

  • FIX: Fix displaying delete all users and groups from ld-sg-azure.

42.3

  • NEW: DeployInformation in multiple host table. [Closes: 2284]

42.2

  • NEW: Translate azure_service_plans in error log. [Closes: 2281]

  • FIX: Fallback logic for not having guid of servicePlan/sku.

42.1

  • NEW: New Policy Packages, Firstline_Worker/Manager.

42

  • NEW: Type CAMERA for hosts. [Closes: 2166]

  • NEW: Manually start ad-sync. [Closes: 2206]

  • NEW: Delete azureDeletedEntities. [Closes: 2207]

  • NEW: Select/Deselect all option. [Closes: 2175]

  • NEW: Export Windows MetaData as csv. [Closes: 2225]

  • UPDATE: Yes/No Booleans with text. [Closes: 2177]

  • FIX: Show/Change SoftwareProgram version for each one individually. [Closes: 2184]

  • FIX: Fix empty hardware entries in overview. [Closes: 2260]

  • FIX: Show more than one Ansible role description. [Closes: 2229]

41.11

  • NEW: Enable Windows Driver Management in imageCatalog. [Closes: 2239]

  • FIX: Catch empty cn.

41.10

  • UPDATE: Rename Windows Driver Updates. [Closes: 2234]

  • FIX: Show/Change SoftwareProgram version for each one individually. [Closes: 2184]

  • FIX: Show more than one Ansible role description. [Closes: 2229]

41.9

  • NEW: Add GRUB as local boot method. [Closes: 2231]

ld-control-service

42.12

  • Azure:

    • NEW: Added AzureServicePlanProjections

    • NEW: Added TeamsPolicyPackageProjections

    • NEW: Accepts Azure Sync Version 7.0 to 7.9

  • Azure Sync:

    • NEW: Added Projections for Azure Sync App

42.11

  • User Management:

    • NEW: Added UserProjections for Azure/User Sync

    • NEW: Accepts Azure Sync Version 7.0 to 7.9

42.10

  • User Sync:

    • FIX: Bugfix for Missing findBy Methods in AzureDeletedEntityRepository

42.9

  • User Sync:

    • FIX: Bugfix for User Sync Azure Group relation

42.8

  • Azure:

    • NEW: added group projection for Azure

  • Version Check:

    • NEW: Implemented Version Check for Azure Sync App

    • NEW: Accepts Azure Sync Version 6.0 to 6.9

42.7

  • Deployment:

    • NEW: manage deleted azure users /groups

    • NEW: trigger azure sync via websocket

42.6

  • Deployment:

    • NEW: Added new image catalog column: enable_windows_driver_updates

42.5

  • Deployment:

    • NEW: Added local boot method GRUB (EFI only)

    • FIX: patchHostStatus ignores null (HostBasePathAwareController)

ld-deploy-ipxe

1.0.0+200823.020054

  • UPDATE: Upstream on Sun, 23 Aug 2020 02:00:54 +0200

ld-deploy-linpe

32+200824.163926

  • UPDATE: Upstream Fedora 32 on Mon, 24 Aug 2020 16:39:26 +0200

ld-deploy-winpe

2004+200824.112533

  • UPDATE: Upstream Windows PE 2004 on Mon, 24 Aug 2020 11:25:33 +0200

ld-dns-server

1.5.200811-02

  • UPDATE: TTL for internal domain has been changed to 60 (1 minute)

ld-nextcloud

19.0.3+1

  • UPDATE: Nextcloud updated to version 19.0.3.

  • UPDATE: SSO & SAML authentication app updated to version 3.2.0.

ld-nexus

3.27.0-03+1

  • UPDATE: Nexus updated to version 3.27.0-03.

ld-puppet10

1.3.20

  • 3part/ca_cert:

    • UPDATE: Patching to use update-ca-certificates --fresh for rebuilding ca cert store

  • UPDATE: consul test implementation removed

  • containers:

    • NEW: Nginx location for validation javascript added

    • UPDATE: Creating empty puppetserver-g2 now.

    • UPDATE: Removing maintenance network interface.

    • samba4-ad:

      • UPDATE: Remove winbind group/passwd lookup in nsswitch.conf

  • debian:

    • NEW: Deploy feature.d directory

  • default.pp:

    • UPDATE: Using single query to get installed container depends

  • ld_ad_sync:

    • NEW: Manage websocket address

  • ld_base:

    • ldinfo:

      • UPDATE: Use uppercase letter L in LogoDIDACT/CLOUD

      • UPDATE: Move virtual text location in logo

      • UPDATE: Present different logos/texts on fact data:

        ld_install_kind.id == 'local'
            Logo: LogoDIDACT
        ld_install_kind.id <> 'local'
            Logo: LogoCLOUD
    • map_translate:

      • NEW: now ignores files in hiera subdirectories (default.d/ctrl-g1.d/kerb.yaml, a.e.) of internal hiera directories

      • FIX: Improving handling of translation errors to avoid defective configuration:

        • UPDATE: Extend handling of translation process via call of map_config

        • UPDATE: Break translation if we find an error and propagate the defective run via exit code 1 (which, for example, breaks executing prun on puppeteer then)

      • FIX: Fix handling in case of non existing custom.yaml, cleanup of directories, and add additional logging

    • upgrade-packages:

      • UPDATE: Remove never really used package mail function.

      • UPDATE: Set packages as manually installed via package resource tag 'upgrade-packages:manual'

      • UPDATE: Adding more lines to internal ignore list.

      • FIX: Returning now real exit-code of failed apt(-get) process instead of generic ruby stacktrace.

    • NEW: enable bootstrap.success

    • NEW: download keyserver fallback

    • NEW: disable container ca-g1

    • NEW: check deprecated containers

    • NEW: Add new fact ld_install_kind that tries to detect predefined installation kinds and allow hiera/fact/recipes now react to it for:

      • NEW: Display ld_install_kind.provider in bash prompt, examples (symbolic name of setup kind)

      • NEW: Display ld_install_kind.title in ldinfo Welcome line, examples (Local, Hetzner Cloud)

      • NEW: React on ld_install_kind.id or 'ld_install_kind_id', examples (local, hetzner) to

    • NEW: ld_install_kind evals metadata['bios_vendor'] as fallback if bios_vendor fact is nil/non-string/neq to 'Hetzner'

    • UPDATE: puppet6migration scripts

    • UPDATE: Backport auto-apt-proxy from puppet6

    • UPDATE: Using 3part module ca deployment for logosrv cert

    • UPDATE: Removing historic logosrv directory on containers and ca-certificate config reference (replaced with above, cert in /usr/local/shares/ca-certificates)

    • UPDATE: Removing facts pci_devices, bios_and_system, apt_extended_state, because they seem not to be used anywhere

    • UPDATE: Don’t compress localrepo packages/content files anymore, and delete existing xz/gz/bz files from /srv/repos on puppet-repo-build run

    • UPDATE: ld_base::cert now falls back to ld_ca certs if defined, otherwise uses snakeoil certs

    • FIX: If current role is bootstrap, don’t deploy ld10-ca cert via ca_cert:ca, avoiding relationship problems

    • FIX: Remove forced grub-pc installation

    • FIX: Proxy mode now uses logosrv.ld-servernet.servernet instead of proxy to avoid connection issues (ip routing/selection from certain hosts)

  • ld_ca:

    • UPDATE: Deploy predefined dhe group files (ffdhe2048-4096)

    • UPDATE: Deploy ld10 now itself, instead of ld_base::certificates:

      • UPDATE: Removing bootstrap ca_cert reference (not needed anymore)

      • UPDATE: Let ld_base manage the ca-certificates package

  • ld_cfssl:

    • UPDATE: Combine facts cfssl / collectcerts into collectcerts

    • FIX: Try to detect defective certificates (0 byte, incomplete file structure) and regenerate them

  • ld_dns:

    • UPDATE: Using same class concept to reduce hassle in porting changes across 1.x/5.x/6.x branches

  • ld_git:

    • NEW: New aliases:

      • cpc ⇒ cherry-pick --continue

      • cpa ⇒ cherry-pick --abort

  • ld_lxc:

    • NEW: New fact ld_lxc_container that checks for .bind-mount in data/backup dir

    • UPDATE: Change emerg to info logging of container (post-)stop logging.

    • UPDATE: Puppet60 upgrade pre depends/presetup backports:

      • UPDATE: Porting mount entries for backup, data, metadata/run

      • UPDATE: Creating bind-mount state files in data/backup dir to indicate mounted via…​

    • UPDATE: Using now lxc-download for creating containers instead of slower bootstrap

    • FIX: Write down bios_vendor to metadata.json host/container too, to work around broken dmidecode based facts in trusty containers

    • FIX: To avoid lxc.service getting killed at shutdown of lxcs after 90s, the service timeout is increased to 7min and 30s. systemd will kill running processes of this service after 2x TimeoutStopSec, now 15min.

  • ld_nextcloud:

    • NEW: Manage all Nextcloud dependencies

    • NEW: Implement support for nextcloud kerberos based sso

    • NEW: Redirect http to https

    • NEW: Using fake appstore, because the setting is not working correctly

    • NEW: Implement quota reset/systemd timer to allow switching between local/external storage mode.

    • NEW: Handling php version now via puppet / hiera configuration.

    • NEW: Directly using a logodidact.config.php for base configuration instead of using api calls for them.

    • NEW: Add symlink in root home to nextcloud installation dir.

    • UPDATE: Using php-fpm instead of embeddable php interpreter

    • UPDATE: Using cli installer instead of web installer.

    • UPDATE: Because ld_nextcloud::config::system settings are now handled differently, there are some changes:

      • Removing "value" encapsulation

      • For the moment adding a compat layer for trusted_domain subkey, adapting old variant with "value" encap.

    • UPDATE: Removing unused apache modules

    • UPDATE: Tear down ldap group/users by using ld-sysgroup, ld-sg-exclude, ld-sg-nextcloud-exclude.

    • UPDATE: Using unified plugin config api to set values for user_ldap.

    • UPDATE: Removing now unused provider/type nc_ldap.

    • UPDATE: Tweaking settings:

      • Disable some annoying apps:

        • recommendations

        • password_policy

        • serverinfo

        • logreader (use syslog now)

        • nextcloud_announcements

        • support

        • updatenotification

      • Settings:

        • Disable preview generation globally and per share

        • Disable access to appstore

        • Disable update-check

        • Disable upgrade via web

        • Change user template directory to /var/empty

        • Disable internal integrity check, because we need to patch files

        • Because sAMAccountName isn’t perfectly unique, now using 'uidNumber' for nextcloud internal identification (ldap_export_uuid_user_attr)

        • Setting internal username to 'sAMAccountName' (ldap_export_username_attr)

    • FIX: Changing ldapGroupMemberAssocAttr from gidNumber to member to allow correct group mapping

  • ld_nginx:

    • NEW: Include html 5 boilerplate system file location protection

  • ld_puppet:

    • FIX: Correct syslog identifier for internal puppet cert autosign

  • ld_rproxy:

    • NEW: Adding support to define a ssl endpoint proxy to internal address for ldap

    • UPDATE: Removing random dhparam

  • ld_samba:

    • NEW: Using now ld-su-domjoin user for joining domain for managed samba instances instead of administrator. If you get strange errors when joining, please verify/correct directory rights for ld-su-domjoin

  • ld_squid:

    • NEW: Adding check-proxy scripts that try to download something from https://sbe.de via proxy

    • UPDATE: Clearing intercepted ssl certificates on every squid startup

    • UPDATE: squid config:

      • After authentication allow any client

      • Using best practice ordering of authentication

  • ld_syslog:

    • FIX: Avoid syntax warning in newer rsyslog versions

  • profiles:

    • NEW: deep deletion of undefined values

    • pgsql/server:

      • NEW: Allow access from localhost via tcp / md5 auth too

    • NEW: Add ca_cert with disabled package installation in bootstrap profile

    • Adding new configuration options gained in ld-azure-sync 5.4:

      • Exchange management:

        • MessageCannotSentToOutside, mail reply when sending outside

        • MessageCannotReceiveFromOutside, mail reply sent to sender

        • GroupsThatCannotSendToOutside, list of group cn

        • UserThatCannotSendToOutisde, list of user cn

        • GroupsThatCannotReceiveFromOutside, list of group cn

        • UsersThatCannotReceiveFromOutside, list of user cn

ld-puppet50

5.0.54

  • 3part/ca_cert:

    • UPDATE: Patching to use update-ca-certificates --fresh for rebuilding ca cert store

  • UPDATE: consul test implementation removed

  • containers:

    • NEW: Nginx location for validation javascript added

    • UPDATE: Creating empty puppetserver-g2 now.

    • UPDATE: Removing maintenance network interface.

    • samba4-ad:

      • UPDATE: Remove winbind group/passwd lookup in nsswitch.conf

  • debian:

    • NEW: Deploy feature.d directory

  • environment:

    • NEW: Add license key to ld_fixed

    • NEW: Port p6 single puppetdb query for host installed detection

    • FIX: Port p1 empty ('' value) hiera value workaround

  • hiera:

    • default.yaml

    • UPDATE: Updating nginx default ciphers to current best practices values

  • ld_ad_sync:

    • NEW: Manage websocket address

  • ld_base:

    • ldinfo:

      • UPDATE: Use uppercase letter L in LogoDIDACT/CLOUD

      • UPDATE: Move virtual text location in logo

      • UPDATE: Present different logos/texts on fact data:

        ld_install_kind.id == 'local'
            Logo: LogoDIDACT
        ld_install_kind.id <> 'local'
            Logo: LogoCLOUD
    • map_translate:

      • NEW: now ignores files in hiera subdirectories (default.d/ctrl-g1.d/kerb.yaml, a.e.) of internal hiera directories

      • FIX: Improving handling of translation errors to avoid defective configuration:

        • UPDATE: Extend handling of translation process via call of map_config

        • UPDATE: Break translation if we find an error and propagate the defective run via exit code 1 (which, for example, breaks executing prun on puppeteer then)

      • FIX: Fix handling in case of non existing custom.yaml, cleanup of directories, and add additional logging

    • upgrade-packages:

      • UPDATE: Remove never really used package mail function.

      • UPDATE: Set packages as manually installed via package resource tag 'upgrade-packages:manual'

      • UPDATE: Adding more lines to internal ignore list.

      • UPDATE: Add logic to handle different location/catalog formats to reduce hassle when porting across different versions.

        • NEW: Guessing catalog location p5 location >> p6 location >> p3 location

        • NEW: If data element exists move catalog root into it (so that resources element is obtainable from catalog root).

      • FIX: Returning now real exit-code of failed apt(-get) process instead of generic ruby stacktrace.

    • NEW: Add new fact ld_install_kind that tries to detect predefined installation kinds and allow hiera/fact/recipes now react to it for:

      • NEW: Display ld_install_kind.provider in bash prompt, examples (symbolic name of setup kind)

      • NEW: Display ld_install_kind.title in ldinfo Welcome line, examples (Local, Hetzner Cloud)

      • NEW: React on ld_install_kind.id or 'ld_install_kind_id', examples (local, hetzner) to

    • NEW: ld_install_kind evals metadata['bios_vendor'] as fallback if bios_vendor fact is nil/non-string/neq to 'Hetzner'

    • UPDATE: Backport auto-apt-proxy from puppet6

    • UPDATE: Using 3part module ca deployment for logosrv cert

    • UPDATE: Removing historic logosrv directory on containers and ca-certificate config reference (replaced with above, cert in /usr/local/shares/ca-certificates)

    • UPDATE: Removing facts pci_devices, bios_and_system, apt_extended_state, because they seem not to be used anywhere

    • UPDATE: Don’t compress localrepo packages/content files anymore, and delete existing xz/gz/bz files from /srv/repos on puppet-repo-build run

    • FIX: If current role is bootstrap, don’t deploy ld10-ca cert via ca_cert:ca, avoiding relationship problems

    • FIX: Remove forced grub-pc installation

    • FIX: Proxy mode now uses logosrv.ld-servernet.servernet instead of proxy to avoid connection issues (ip routing/selection from certain hosts)

  • ld_ca:

    • UPDATE: Combine facts cfssl / collectcerts into collectcerts

    • UPDATE: Deploy predefined dhe group files (ffdhe2048-4096)

    • UPDATE: Deploy ld10 now itself, instead of ld_base::certificates:

      • UPDATE: Removing bootstrap ca_cert reference (not needed anymore)

      • UPDATE: Let ld_base manage the ca-certificates package

    • FIX: Try to detect defective certificates (0 byte, incomplete file structure) and regenerate them

  • ld_dns:

    • UPDATE: Using same class concept to reduce hassle in porting changes across 1.x/5.x/6.x branches

  • ld_git:

    • NEW: New aliases:

      • cpc ⇒ cherry-pick --continue

      • cpa ⇒ cherry-pick --abort

  • ld_lxc:

    • NEW: New fact ld_lxc_container that checks for .bind-mount in data/backup dir

    • UPDATE: Change emerg to info logging of container (post-)stop logging.

    • UPDATE: Puppet60 upgrade pre depends/presetup backports:

      • UPDATE: Porting mount entries for backup, data, metadata/run

      • UPDATE: Creating bind-mount state files in data/backup dir to indicate mounted via…​

    • UPDATE: Using now lxc-download for creating containers instead of slower bootstrap

    • FIX: Write down bios_vendor to metadata.json host/container too, to work around broken dmidecode based facts in trusty containers

    • FIX: To avoid lxc.service getting killed at shutdown of lxcs after 90s, the service timeout is increased to 7min and 30s. systemd will kill running processes of this service after 2x TimeoutStopSec, now 15min.

  • ld_nextcloud:

    • NEW: Manage all Nextcloud dependencies

    • NEW: Implement support for nextcloud kerberos based sso

    • NEW: Redirect http to https

    • NEW: Using fake appstore, because the setting is not working correctly

    • NEW: Implement quota reset/systemd timer to allow switching between local/external storage mode.

    • NEW: Handling php version now via puppet / hiera configuration.

    • NEW: Directly using a logodidact.config.php for base configuration instead of using api calls for them.

    • NEW: Add symlink in root home to nextcloud installation dir.

    • UPDATE: Using php-fpm instead of embeddable php interpreter

    • UPDATE: Using cli installer instead of web installer.

    • UPDATE: Because ld_nextcloud::config::system settings are now handled differently, there are some changes:

      • Removing "value" encapsulation

      • For the moment adding a compat layer for trusted_domain subkey, adapting old variant with "value" encap.

    • UPDATE: Removing unused apache modules

    • UPDATE: Tear down ldap group/users by using ld-sysgroup, ld-sg-exclude, ld-sg-nextcloud-exclude.

    • UPDATE: Using unified plugin config api to set values for user_ldap.

    • UPDATE: Removing now unused provider/type nc_ldap.

    • UPDATE: Tweaking settings:

      • Disable some annoying apps:

        • recommendations

        • password_policy

        • serverinfo

        • logreader (use syslog now)

        • nextcloud_announcements

        • support

        • updatenotification

      • Settings:

        • Disable preview generation globally and per share

        • Disable access to appstore

        • Disable update-check

        • Disable upgrade via web

        • Change user template directory to /var/empty

        • Disable internal integrity check, because we need to patch files

        • Because sAMAccountName isn’t perfectly unique, now using 'uidNumber' for nextcloud internal identification (ldap_export_uuid_user_attr)

        • Setting internal username to 'sAMAccountName' (ldap_export_username_attr)

    • FIX: Changing ldapGroupMemberAssocAttr from gidNumber to member to allow correct group mapping

  • ld_nginx:

    • NEW: Include html 5 boilerplate system file location protection

  • ld_puppet:

    • UPDATE: prun now uses openssl bindings to check own ca.pem

    • FIX: Correct syslog identifier for internal puppet cert autosign

  • ld_rproxy:

    • NEW: Adding support to define a ssl endpoint proxy to internal address for ldap

    • UPDATE: Removing random dhparam

  • ld_squid:

    • NEW: Adding check-proxy scripts that try to download something from https://sbe.de via proxy

    • UPDATE: Clearing intercepted ssl certificates on every squid startup

    • UPDATE: squid config:

      • After authentication allow any client

      • Using best practice ordering of authentication

  • ld_syslog:

    • FIX: Avoid syntax warning in newer rsyslog versions

  • profiles:

    • NEW: deep deletion of undefined values

    • pgsql/server:

      • NEW: Allow access from localhost via tcp / md5 auth too

    • NEW: Add ca_cert with disabled package installation in bootstrap profile

    • Adding new configuration options gained in ld-azure-sync 5.4:

      • Exchange management:

        • MessageCannotSentToOutside, mail reply when sending outside

        • MessageCannotReceiveFromOutside, mail reply sent to sender

        • GroupsThatCannotSendToOutside, list of group cn

        • UserThatCannotSendToOutisde, list of user cn

        • GroupsThatCannotReceiveFromOutside, list of group cn

        • UsersThatCannotReceiveFromOutside, list of user cn

ld-samba

1.4.200331-1

  • NEW: create /etc/samba/smb.conf.homes.IP files for Pydio, NextCloud and Kopano

  • UPDATE: include smb.conf.shares files for Pydio, NextCloud and Kopano

ld-site-itb

1.5.200527-3

  • NEW: forward to https://ctrl/ to edit wimport_data or to import workstations

ld-upgrade

2.0.200406-01

  • FIX: wget with --no-check-certificate argument

ld-vpn-server

1.3.200522-1

  • NEW: client certificates will be removed