
This document shows the latest changes to the LogoDIDACT server software.

Important

Make a backup before updating.

Example: make backup
root@ldhost:~ # ldsnapshot daily_bk1
Example: update
root@puppeteer:~ # ldupdate

2020-11-24

ld-licensing-agent

1.2.0

  • NEW: Support for proxied environments.

2020-11-17

ld-licensing-agent

1.1.0

  • FIX: Handle multiple licences with same type by date.

2020-11-11

ld-mobile

4.74+1

Note

For further details, please refer to Relution changelog http://repo.relution.io/docs/4.74/relution-changelog/changelog.html

ld-zabbix-extensions

1.1.2

  • UPDATE: Allow the use of parameters on licences.

2020-11-10

ld-deploy-ipxe

1.0.0+201109.175101

  • UPDATE: Downgrade to commit ef2c844d01e78723af54b6ca67019fd9fe7f08e4 so that computers in Bielefeld can boot locally.

2020-11-05

ld-control-service

42.14

  • Printer management:

    • FIX: Fixed NullPointer in printer properties (settings) and printer driver (url)

2020-11-02

ld-deploy-ipxe

1.0.0+201030.145850

  • UPDATE: Upstream on Fri, 30 Oct 2020 14:58:50 +0100

  • UPDATE: Will be compiled under focal (Ubuntu 20.04).

ld-puppet10

1.3.21-2

  • ld_mobile:

    • NEW: Restart service on configuration change.

    • UPDATE: Remove icinga2 monitoring configuration.

    • FIX: Correcting ldap searchBase for users and groups from absolute to relative dn (absolute doesn’t work, only for new entries).

  • ld_zabbix:

    • UPDATE: Setup zabbix agent only if we get a psk.

    • UPDATE: Use dig44 to avoid deprecation warning.

1.3.21-1

  • ld_samba4:

    • NEW: Configure rpc-server listen address via puppet now (use ip to avoid dns quirks and dependencies).

ld-puppet50

5.0.55-2

  • ld_samba4:

    • FIX: Use symbolic instead of real package name for referencing rpc-server (ld-com-rpc-server), p5 doesn’t check title AND name like p3.

5.0.55-1

  • ld_samba4:

    • NEW: Configure rpc-server listen address via puppet now (use ip to avoid dns quirks and dependencies).

2020-10-29

ld-control-service

42.13

  • Printer management:

    • NEW: Added changeset for migration of printer_driver and printer_properties table

    • UPDATE: Changed url of printer driver to relative path (printer/driver/…​)

    • UPDATE: Changed url of printer properties to relative path (printer/properties/…​)

2020-10-27

ld-nextcloud

19.0.4-1

  • FIX: Major upgrade check fixed. Allow upgrade without version file.

2020-10-26

ld-nextcloud

19.0.4

ld-puppet10

1.3.21

  • containers:

    • NEW: mariadb105 container:

      • Use ubuntu xenial for new installations.

      • Container mounts /var/lib/lxc.data/mariadb105/mysql for mysql database. The content isn’t tied to the life cycle of the container.

    • UPDATE: unifi container:

      • Use ubuntu xenial for new installations.

    • UPDATE: xibo17 container:

      • Reduce innodb_log_file_size to 5M for compatibility.

  • hiera.d:

    • NEW: fixed.yaml:

      • Add lookup/package proxy infos about LogoDIDACT own mirror system.

    • UPDATE: default.yaml:

      • Configuration from mysql/mariadb host/role merged for simplicity.

  • ld_base:

    • UPDATE: Allows specifying a shortened veth interface name for containers (link name is limited to 15 chars).

  • ld_ca:

    • FIX: Group of /etc/cfssl directory has been corrected.

  • ld_lxc:

    • NEW: Added possibility to remount parts of LXC_DATA to directories in lxc rootfs (e.g. lxc.data/mariadb10/mysql to (RUNNING LXC)/var/lib/mysql).

    • FIX: lxc.hook.network doesn’t complain about unconfigured interfaces if they should go down (e.g. removed interface from hiera config).

  • ld_mobile:

    • NEW: Allows to define multiple ldap connectors via hiera configuration.

    • NEW: Education classes are also built up from project groups.

  • ld_samba:

    • UPDATE: Removing automatic reboot.

    • UPDATE: Removing non default groups addition to ld-sysgroup.

    • FIX: systemd service will be overwritten:

      • Using /var/run/samba/samba.pid for main process detection.

      • Disabling the systemd service from being active when all processes have ended.

      • Changing kill (stop) method so that all processes in the cgroup are affected (KillMode=control-group).

    • FIX: Apply acls for ld-su-domjoin in non default fqdn scenarios too.

  • ld_squid:

    • FIX: Using all instead of 0.0.0.0/0 to silence squid warnings on daily logrotate/reloads/restarts.

  • ld_unifi:

    • NEW: Switch to nginx as reverse proxy:

      • Fast restarts on certificate changes.

      • Restarts only if certificate really changes.

      • No sysv/systemd service patching necessary.

    • NEW: Disable nginx http2 support for now (only supported by 16.04).

    • UPDATE: The non-working and unnecessary patching for correct JAVA_HOME has been removed.

  • sites:

    • NEW: bielefeld:

      • mariadb105 is enabled by default.

ld-puppet50

5.0.55

  • containers:

    • NEW: mariadb105 container:

      • Use ubuntu xenial for new installations.

      • Container mounts /var/lib/lxc.data/mariadb105/mysql for mysql database. The content isn’t tied to the life cycle of the container.

    • UPDATE: unifi container:

      • Use ubuntu xenial for new installations.

    • UPDATE: xibo17 container:

      • Reduce innodb_log_file_size to 5M for compatibility.

  • hiera.d:

    • NEW: fixed.yaml:

      • Add lookup/package proxy infos about LogoDIDACT own mirror system.

    • UPDATE: default.yaml:

      • Configuration from mysql/mariadb host/role merged for simplicity.

  • ld_base:

    • UPDATE: Allows specifying a shortened veth interface name for containers (link name is limited to 15 chars).

  • ld_ca:

    • FIX: Group of /etc/cfssl directory has been corrected.

    • FIX: Fix publishing of chain.pem (dashed name).

  • ld_lxc:

    • NEW: Added possibility to remount parts of LXC_DATA to directories in lxc rootfs (e.g. lxc.data/mariadb10/mysql to (RUNNING LXC)/var/lib/mysql).

    • FIX: lxc.hook.network doesn’t complain about unconfigured interfaces if they should go down (e.g. removed interface from hiera config).

  • ld_mobile:

    • NEW: Allows to define multiple ldap connectors via hiera configuration.

    • NEW: Education classes are also built up from project groups.

  • ld_puppet:

    • UPDATE: Disabling unused mcollective agents on all managed nodes.

    • FIX: Use correct rundir to allow saving pid file without problems.

  • ld_samba:

    • UPDATE: Removing automatic reboot.

    • UPDATE: Removing non default groups addition to ld-sysgroup.

    • FIX: systemd service will be overwritten:

      • Using /var/run/samba/samba.pid for main process detection.

      • Disabling the systemd service from being active when all processes have ended.

      • Changing kill (stop) method so that all processes in the cgroup are affected (KillMode=control-group).

    • FIX: Apply acls for ld-su-domjoin in non default fqdn scenarios too.

  • ld_squid:

    • FIX: Using all instead of 0.0.0.0/0 to silence squid warnings on daily logrotate/reloads/restarts.

  • ld_unifi:

    • NEW: Switch to nginx as reverse proxy:

      • Fast restarts on certificate changes.

      • Restarts only if certificate really changes.

      • No sysv/systemd service patching necessary.

    • NEW: Disable nginx http2 support for now (only supported by 16.04).

    • UPDATE: The non-working and unnecessary patching for correct JAVA_HOME has been removed.

  • ld_zabbix:

    • FIX: Correct usage of dig to obtain zabbix psk key.

  • sites:

    • NEW: bielefeld:

      • mariadb105 is enabled by default.

2020-10-05

ld-mobile

4.72.2+1

Note

For further details, please refer to Relution changelog http://repo.relution.io/docs/4.72.2/relution-changelog/changelog.html

2020-09-30

ld-puppet10

1.3.20-2

  • ld_ctrl:

    • FIX: Avoid using the ip address for nexus and graylog containers

  • ld_nextcloud

    • FIX: Don’t use sudo in systemd timer to execute scripts as www-data (unit is already executed as www-data)

  • ld_samba:

    • FIX: Using internal ca root for tls cafile parameter (backport from 6.x branch)

ld-puppet50

5.0.54-2

  • ld_ctrl:

    • FIX: Avoid using the ip address for nexus and graylog containers

  • ld_nextcloud

    • FIX: Don’t use sudo in systemd timer to execute scripts as www-data (unit is already executed as www-data)

  • ld_samba:

    • FIX: Using internal ca root for tls cafile parameter (backport from 6.x branch)

2020-09-28

Caution

This is a very important update that fixes very serious vulnerabilities in the Samba products used. It is strongly recommended to update to these versions.

Further information can be found on the following websites.

ld-puppet10

1.3.20-1

  • ld_samba:

    • FIX: closing CVE-2020-1472/Zerologon by forcing server schannel usage

ld-puppet50

5.0.54-1

  • ld_samba:

    • FIX: closing CVE-2020-1472/Zerologon by forcing server schannel usage

ld-samba

1.4.200925-1

  • FIX: closing CVE-2020-1472/Zerologon by forcing server schannel usage

ld-site-itb

1.5.200928-1

  • FIX: disables editing of wimport_data when ld-deploy is in use

2020-09-21

ld-azure-sync

7.0

  • UPDATE: Adapted to ld-control-service 42.12+ (API change)

6.3

  • FIX: Same as 6.2. Make sure array is returned in every case

6.2

  • FIX: Fixed rare case when Get-CsBatchPolicyAssignmentOperation returns an array containing a single element

6.1

  • FIX: Correctly get available domains from the tenant

6.0

  • UPDATE: Adapted to new ld-control-service api

  • NEW: ld-control-service (42.8+) authentication:

    • Authentication only possible if ld-control-service supports the current ld-azure-sync version

5.7

  • NEW: Send list of deleted users/groups to ld-control-service, where they can be marked for permanent cleanup (instead of waiting the 30 days)

  • NEW: WebSocket connection to ld-control-service allows to trigger:

    • permanent cleanup of marked deleted entities

    • sync manually

  • NEW: Ensure the primary mail address of a group matches the domain name that was selected in the ld-control-center

  • NEW: Send azure domain info to ld-control-service

5.6

  • NEW: Logs users that will not be converted because they have a DirectoryRole (e.g. company admins, team admins, …​)

ld-base

1.5.200707-1

  • FIX: itbdo commandline fix

ld-baselibs

1.4.200624-1

  • FIX: import_workstation

    • Fixed timing problems on host removal loop

    • Added additionally defined networks to ipsets

ld-control-center

42.4

  • NEW: Projections for performance (sku and teamsPolicy).

  • FIX: Fix displaying delete all users and groups from ld-sg-azure.

42.3

  • NEW: DeployInformation in multiple host table. [Closes: 2284]

42.2

  • NEW: Translate azure_service_plans in error log. [Closes: 2281]

  • FIX: Fallback logic for not having guid of servicePlan/sku.

42.1

  • NEW: New Policy Packages, Firstline_Worker/Manager.

42

  • NEW: Type CAMERA for hosts. [Closes: 2166]

  • NEW: Manually start ad-sync. [Closes: 2206]

  • NEW: Delete azureDeletedEntities. [Closes: 2207]

  • NEW: Select/Deselect all option. [Closes: 2175]

  • NEW: Export Windows MetaData as csv. [Closes: 2225]

  • UPDATE: Yes/No Booleans with text. [Closes: 2177]

  • FIX: Show/Change SoftwareProgram version for each one individually. [Closes: 2184]

  • FIX: Fix empty hardware entries in overview. [Closes: 2260]

  • FIX: Show more than one Ansible role description. [Closes: 2229]

41.11

  • NEW: Enable Windows Driver Management in imageCatalog. [Closes: 2239]

  • FIX: Catch empty cn.

41.10

  • UPDATE: Rename Windows Driver Updates. [Closes: 2234]

  • FIX: Show/Change SoftwareProgram version for each one individually. [Closes: 2184]

  • FIX: Show more than one Ansible role description. [Closes: 2229]

41.9

  • NEW: Add GRUB as local boot method. [Closes: 2231]

ld-control-service

42.12

  • Azure:

    • NEW: Added AzureServicePlanProjections

    • NEW: Added TeamsPolicyPackageProjections

    • NEW: Accepts Azure Sync Version 7.0 to 7.9

  • Azure Sync:

    • NEW: Added Projections for Azure Sync App

42.11

  • User Management:

    • NEW: Added UserProjections for Azure/User Sync

    • NEW: Accepts Azure Sync Version 7.0 to 7.9

42.10

  • User Sync:

    • FIX: Bugfix for Missing findBy Methods in AzureDeletedEntityRepository

42.9

  • User Sync:

    • FIX: Bugfix for User Sync Azure Group relation

42.8

  • Azure:

    • NEW: added group projection for Azure

  • Version Check:

    • NEW: Implemented Version Check for Azure Sync App

    • NEW: Accepts Azure Sync Version 6.0 to 6.9

42.7

  • Deployment:

    • NEW: manage deleted azure users /groups

    • NEW: trigger azure sync via websocket

42.6

  • Deployment:

    • NEW: Added new image catalog column: enable_windows_driver_updates

42.5

  • Deployment:

    • NEW: Added local boot method GRUB (EFI only)

    • FIX: patchHostStatus ignores null (HostBasePathAwareController)

ld-deploy-ipxe

1.0.0+200823.020054

  • UPDATE: Upstream on Sun, 23 Aug 2020 02:00:54 +0200

ld-deploy-linpe

32+200824.163926

  • UPDATE: Upstream Fedora 32 on Mon, 24 Aug 2020 16:39:26 +0200

ld-deploy-winpe

2004+200824.112533

  • UPDATE: Upstream Windows PE 2004 on Mon, 24 Aug 2020 11:25:33 +0200

ld-dns-server

1.5.200811-02

  • UPDATE: TTL for internal domain has been changed to 60 (1 minute)

ld-nextcloud

19.0.3+1

  • UPDATE: Nextcloud updated to version 19.0.3.

  • UPDATE: SSO & SAML authentication app updated to version 3.2.0.

ld-nexus

3.27.0-03+1

  • UPDATE: Nexus updated to version 3.27.0-03.

ld-puppet10

1.3.20

  • 3part/ca_cert:

    • UPDATE: Patching to use update-ca-certificates --fresh for rebuilding ca cert store

  • UPDATE: consul test implementation removed

  • containers:

    • NEW: Nginx location for validation javascript added

    • UPDATE: Creating empty puppetserver-g2 now.

    • UPDATE: Removing maintenance network interface.

    • samba4-ad:

      • UPDATE: Remove winbind group/passwd lookup in nsswitch.conf

  • debian:

    • NEW: Deploy feature.d directory

  • default.pp:

    • UPDATE: Using single query to get installed container depends

  • ld_ad_sync:

    • NEW: Manage websocket address

  • ld_base:

    • ldinfo:

      • UPDATE: Use upcase letter L in LogoDIDACT/CLOUD

      • UPDATE: Move virtual text location in logo

      • UPDATE: Present different logos/texts on fact data:

        ld_install_kind.id == 'local'
            Logo: LogoDIDACT
        ld_install_kind.id <> 'local'
            Logo: LogoCLOUD
    • map_translate:

      • NEW: now ignores files in hiera subdirectories (default.d/ctrl-g1.d/kerb.yaml, a.e.) of internal hiera directories

      • FIX: Improving handling of translation errors to avoid defect configuration:

        • UPDATE: Extend handling of translation process via call of map_config

        • UPDATE: Break translation if we find an error and propagate the defective run via exit code 1 (which, for example, then breaks executing prun on puppeteer)

      • FIX: Fix handling in case of non existing custom.yaml, cleanup of directories, and add additional logging

    • upgrade-packages:

      • UPDATE: Remove never really used package mail function.

      • UPDATE: Set packages as manual installed via package resource tag 'upgrade-packages:manual'

      • UPDATE: Adding more lines to the internal ignore list.

      • FIX: Now returning the real exit code of a failed apt(-get) process instead of a generic ruby stacktrace.

    • NEW: enable bootstrap.success

    • NEW: download keyserver fallback

    • NEW: disable container ca-g1

    • NEW: check deprecated containers

    • NEW: Add new fact ld_install_kind that tries to detect predefined installation kinds and allow hiera/fact/recipes now react to it for:

      • NEW: Display ld_install_kind.provider in bash prompt, examples (symbolic name of setup kind)

      • NEW: Display ld_install_kind.title in ldinfo Welcome line, examples (Local, Hetzner Cloud)

      • NEW: React on ld_install_kind.id or 'ld_install_kind_id', examples (local, hetzner) to

    • NEW: ld_install_kind evals metadata['bios_vendor'] as fallback if bios_vendor fact is nil/non-string/neq to 'Hetzner'

    • UPDATE: puppet6migration scripts

    • UPDATE: Backport auto-apt-proxy from puppet6

    • UPDATE: Using 3part module ca deployment for logosrv cert

    • UPDATE: Removing historic logosrv directory on containers and ca-certificate config reference (replaced with above, cert in /usr/local/shares/ca-certificates)

    • UPDATE: Removing facts pci_devices, bios_and_system, apt_extended_state, because they seem not to be used anywhere

    • UPDATE: Don’t compress localrepo packages/content files anymore, and delete existing xz/gz/bz files from /srv/repos on puppet-repo-build run

    • UPDATE: ld_base::cert now falls back to ld_ca certs if defined, otherwise uses snakeoil certs

    • FIX: If current role is bootstrap, don’t deploy ld10-ca cert via ca_cert:ca, avoiding relationship problems

    • FIX: Remove forced grub-pc installation

    • FIX: Proxy mode now uses logosrv.ld-servernet.servernet instead of proxy to avoid connection issues (ip routing/selection from certain hosts)

  • ld_ca:

    • UPDATE: Deploy predefined dhe group files (ffdhe2048-4096)

    • UPDATE: Deploy ld10 now itself, instead of ld_base::certificates:

      • UPDATE: Removing bootstrap ca_cert reference (not needed anymore)

      • UPDATE: Let ld_base managed ca-certificates package

  • ld_cfssl:

    • UPDATE: Combine facts cfssl / collectcerts into collectcerts

    • FIX: Try to detect defect certificates (0 byte, incomplete file structure) and regenerate them

  • ld_dns:

    • UPDATE: Using same class concept to reduce hassle in porting changes across 1.x/5.x/6.x branches

  • ld_git:

    • NEW: New aliases:

      • cpc ⇒ cherry-pick --continue

      • cpa ⇒ cherry-pick --abort

  • ld_lxc:

    • NEW: New fact ld_lxc_container that checks for .bind-mount in data/backup dir

    • UPDATE: Change emerg to info logging of container (post-)stop logging.

    • UPDATE: Puppet60 upgrade pre depends/presetup backports:

      • UPDATE: Porting mount entries for backup, data, metadata/run

      • UPDATE: Creating bind-mount state files in data/backup dir to indicate mounted via…​

    • UPDATE: Using now lxc-download for creating containers instead of slower bootstrap

    • FIX: Write down bios_vendor to metadata.json host/container too, to work around broken dmidecode based facts in trusty containers

    • FIX: To avoid lxc.service getting killed at shutdown of lxcs after 90s, the timeout of the service has been increased to 7min and 30s. systemd will kill running processes of this service after 2x TimeoutStopSec, now 15min.

  • ld_nextcloud:

    • NEW: Manage all Nextcloud dependencies

    • NEW: Implement support for nextcloud kerberos based sso

    • NEW: Redirect http to https

    • NEW: Using fake appstore, because the setting is not working correctly

    • NEW: Implement quota reset/systemd timer to allow switching between local/external storage mode.

    • NEW: Handling php version now via puppet / hiera configuration.

    • NEW: Directly using a logodidact.config.php for base configuration instead of using api calls for them.

    • NEW: Add symlink in root home to nextcloud installation dir.

    • UPDATE: Using php-fpm instead of embeddable php interpreter

    • UPDATE: Using cli installer instead of web installer.

    • UPDATE: Because ld_nextcloud::config::system settings are now handled differently, there are some changes:

      • Removing "value" encapsulation

      • For the moment adding a compat layer for trusted_domain subkey, adapting old variant with "value" encap.

    • UPDATE: Removing unused apache modules

    • UPDATE: Tear down ldap group/users by using ld-sysgroup, ld-sg-exclude, ld-sg-nextcloud-exclude.

    • UPDATE: Using unified plugin config api to set values for user_ldap.

    • UPDATE: Removing now unused provider/type nc_ldap.

    • UPDATE: Tweaking settings:

      • Disable some annoying apps:

        • recommendations

        • password_policy

        • serverinfo

        • logreader (use syslog now)

        • nextcloud_announcements

        • support

        • updatenotification

      • Settings:

        • Disable preview generation globally and per share

        • Disable access to appstore

        • Disable update-check

        • Disable upgrade via web

        • Change user template directory to /var/empty

        • Disable internal integrity check, because we need to patch files

        • Because sAMAccountName isn’t perfectly unique using now 'uidNumber' for nextcloud internal identification (ldap_export_uuid_user_attr)

        • Setting internal username to 'sAMAccountName' (ldap_export_username_attr)

    • FIX: Changing ldapGroupMemberAssocAttr from gidNumber to member to allow correct group mapping

  • ld_nginx:

    • NEW: Include html 5 boilerplate system file location protection

  • ld_puppet:

    • FIX: Correct syslog identifier for internal puppet cert autosign

  • ld_rproxy:

    • NEW: Adding support to define a ssl endpoint proxy to internal address for ldap

    • UPDATE: Removing random dhparam

  • ld_samba:

    • NEW: Now using the ld-su-domjoin user instead of administrator for joining the domain for managed samba instances. If you get strange errors when joining, please verify/correct directory rights for ld-su-domjoin

  • ld_squid:

    • NEW: Adding check-proxy scripts that tries to download something from https://sbe.de via proxy

    • UPDATE: Clearing intercepted ssl certificates on every squid startup

    • UPDATE: squid config:

      • After authentication allow any client

      • Using best practice ordering of authentication

  • ld_syslog:

    • FIX: Avoid syntax warning in newer rsyslog versions

  • profiles:

    • NEW: deep deletion of undefined values

    • pgsql/server:

      • NEW: Allow access from localhost via tcp / md5 auth too

    • NEW: Add ca_cert with disabled package installation in bootstrap profile

    • Adding new configuration options gained in ld-azure-sync 5.4:

      • Exchange management:

        • MessageCannotSentToOutside, mail reply when sending outside

        • MessageCannotReceiveFromOutside, mail reply send to sender

        • GroupsThatCannotSendToOutside, list of group cn

        • UserThatCannotSendToOutisde, list of user cn

        • GroupsThatCannotReceiveFromOutside, list of group cn

        • UsersThatCannotReceiveFromOutside, list of user cn

ld-puppet50

5.0.54

  • 3part/ca_cert:

    • UPDATE: Patching to use update-ca-certificates --fresh for rebuilding ca cert store

  • UPDATE: consul test implementation removed

  • containers:

    • NEW: Nginx location for validation javascript added

    • UPDATE: Creating empty puppetserver-g2 now.

    • UPDATE: Removing maintenance network interface.

    • samba4-ad:

      • UPDATE: Remove winbind group/passwd lookup in nsswitch.conf

  • debian:

    • NEW: Deploy feature.d directory

  • environment:

    • NEW: Add license key to ld_fixed

    • NEW: Port p6 single puppetdb query for host installed detection

    • FIX: Port p1 empty ('' value) hiera value workaround

  • hiera:

    • default.yaml

    • UPDATE: Updating nginx default ciphers to current best practices values

  • ld_ad_sync:

    • NEW: Manage websocket address

  • ld_base:

    • ldinfo:

      • UPDATE: Use upcase letter L in LogoDIDACT/CLOUD

      • UPDATE: Move virtual text location in logo

      • UPDATE: Present different logos/texts on fact data:

        ld_install_kind.id == 'local'
            Logo: LogoDIDACT
        ld_install_kind.id <> 'local'
            Logo: LogoCLOUD
    • map_translate:

      • NEW: now ignores files in hiera subdirectories (default.d/ctrl-g1.d/kerb.yaml, a.e.) of internal hiera directories

      • FIX: Improving handling of translation errors to avoid defect configuration:

        • UPDATE: Extend handling of translation process via call of map_config

        • UPDATE: Break translation if we find an error and propagate the defective run via exit code 1 (which, for example, then breaks executing prun on puppeteer)

      • FIX: Fix handling in case of non existing custom.yaml, cleanup of directories, and add additional logging

    • upgrade-packages:

      • UPDATE: Remove never really used package mail function.

      • UPDATE: Set packages as manual installed via package resource tag 'upgrade-packages:manual'

      • UPDATE: Adding more lines to the internal ignore list.

      • UPDATE: Add logic to handle different location/catalog formats to reduce hassle when porting across different versions.

        • NEW: Guessing catalog location p5 location >> p6 location >> p3 location

        • NEW: If data element exists move catalog root into it (so that resources element is obtainable from catalog root).

      • FIX: Now returning the real exit code of a failed apt(-get) process instead of a generic ruby stacktrace.

    • NEW: Add new fact ld_install_kind that tries to detect predefined installation kinds and allow hiera/fact/recipes now react to it for:

      • NEW: Display ld_install_kind.provider in bash prompt, examples (symbolic name of setup kind)

      • NEW: Display ld_install_kind.title in ldinfo Welcome line, examples (Local, Hetzner Cloud)

      • NEW: React on ld_install_kind.id or 'ld_install_kind_id', examples (local, hetzner) to

    • NEW: ld_install_kind evals metadata['bios_vendor'] as fallback if bios_vendor fact is nil/non-string/neq to 'Hetzner'

    • UPDATE: Backport auto-apt-proxy from puppet6

    • UPDATE: Using 3part module ca deployment for logosrv cert

    • UPDATE: Removing historic logosrv directory on containers and ca-certificate config reference (replaced with above, cert in /usr/local/shares/ca-certificates)

    • UPDATE: Removing facts pci_devices, bios_and_system, apt_extended_state, because they seem not to be used anywhere

    • UPDATE: Don’t compress localrepo packages/content files anymore, and delete existing xz/gz/bz files from /srv/repos on puppet-repo-build run

    • FIX: If current role is bootstrap, don’t deploy ld10-ca cert via ca_cert:ca, avoiding relationship problems

    • FIX: Remove forced grub-pc installation

    • FIX: Proxy mode now uses logosrv.ld-servernet.servernet instead of proxy to avoid connection issues (ip routing/selection from certain hosts)

  • ld_ca:

    • UPDATE: Combine facts cfssl / collectcerts into collectcerts

    • UPDATE: Deploy predefined dhe group files (ffdhe2048-4096)

    • UPDATE: Deploy ld10 now itself, instead of ld_base::certificates:

      • UPDATE: Removing bootstrap ca_cert reference (not needed anymore)

      • UPDATE: Let ld_base managed ca-certificates package

    • FIX: Try to detect defect certificates (0 byte, incomplete file structure) and regenerate them

  • ld_dns:

    • UPDATE: Using same class concept to reduce hassle in porting changes across 1.x/5.x/6.x branches

  • ld_git:

    • NEW: New aliases:

      • cpc ⇒ cherry-pick --continue

      • cpa ⇒ cherry-pick --abort

  • ld_lxc:

    • NEW: New fact ld_lxc_container that checks for .bind-mount in data/backup dir

    • UPDATE: Change emerg to info logging of container (post-)stop logging.

    • UPDATE: Puppet60 upgrade pre depends/presetup backports:

      • UPDATE: Porting mount entries for backup, data, metadata/run

      • UPDATE: Creating bind-mount state files in data/backup dir to indicate mounted via…​

    • UPDATE: Using now lxc-download for creating containers instead of slower bootstrap

    • FIX: Write down bios_vendor to metadata.json host/container too, to work around broken dmidecode based facts in trusty containers

    • FIX: To avoid lxc.service getting killed at shutdown of lxcs after 90s, the timeout of the service has been increased to 7min and 30s. systemd will kill running processes of this service after 2x TimeoutStopSec, now 15min.

  • ld_nextcloud:

    • NEW: Manage all Nextcloud dependencies

    • NEW: Implement support for nextcloud kerberos based sso

    • NEW: Redirect http to https

    • NEW: Using fake appstore, because the setting is not working correctly

    • NEW: Implement quota reset/systemd timer to allow switching between local/external storage mode.

    • NEW: Handling php version now via puppet / hiera configuration.

    • NEW: Directly using a logodidact.config.php for base configuration instead of using api calls for them.

    • NEW: Add symlink in root home to nextcloud installation dir.

    • UPDATE: Using php-fpm instead of embeddable php interpreter

    • UPDATE: Using cli installer instead of web installer.

    • UPDATE: Because ld_nextcloud::config::system settings are now handled differently, there are some changes:

      • Removing "value" encapsulation

      • For the moment adding a compat layer for trusted_domain subkey, adapting old variant with "value" encap.

    • UPDATE: Removing unused apache modules

    • UPDATE: Tear down ldap group/users by using ld-sysgroup, ld-sg-exclude, ld-sg-nextcloud-exclude.

    • UPDATE: Using unified plugin config api to set values for user_ldap.

    • UPDATE: Removing now unused provider/type nc_ldap.

    • UPDATE: Tweaking settings:

      • Disable some annoying apps:

        • recommendations

        • password_policy

        • serverinfo

        • logreader (use syslog now)

        • nextcloud_announcements

        • support

        • updatenotification

      • Settings:

        • Disable preview generation globally and per share

        • Disable access to appstore

        • Disable update-check

        • Disable upgrade via web

        • Change user template directory to /var/empty

        • Disable internal integrity check, because we need to patch files

        • Because sAMAccountName isn’t perfectly unique using now 'uidNumber' for nextcloud internal identification (ldap_export_uuid_user_attr)

        • Setting internal username to 'sAMAccountName' (ldap_export_username_attr)

    • FIX: Changing ldapGroupMemberAssocAttr from gidNumber to member to allow correct group mapping

  • ld_nginx:

    • NEW: Include html 5 boilerplate system file location protection

  • ld_puppet:

    • UPDATE: prun now uses openssl bindings to check own ca.pem

    • FIX: Correct syslog identifier for internal puppet cert autosign

  • ld_rproxy:

    • NEW: Adding support to define a ssl endpoint proxy to internal address for ldap

    • UPDATE: Removing random dhparam

  • ld_squid:

    • NEW: Adding check-proxy scripts that tries to download something from https://sbe.de via proxy

    • UPDATE: Clearing intercepted ssl certificates on every squid startup

    • UPDATE: squid config:

      • After authentication allow any client

      • Using best practice ordering of authentication

  • ld_syslog:

    • FIX: Avoid syntax warning in newer rsyslog versions

  • profiles:

    • NEW: deep deletion of undefined values

    • pgsql/server:

      • NEW: Allow access from localhost via tcp / md5 auth too

    • NEW: Add ca_cert with disabled package installation in bootstrap profile

    • Adding new configuration options gained in ld-azure-sync 5.4:

      • Exchange management:

        • MessageCannotSentToOutside, mail reply when sending outside

        • MessageCannotReceiveFromOutside, mail reply send to sender

        • GroupsThatCannotSendToOutside, list of group cn

        • UserThatCannotSendToOutisde, list of user cn

        • GroupsThatCannotReceiveFromOutside, list of group cn

        • UsersThatCannotReceiveFromOutside, list of user cn

ld-samba

1.4.200331-1

  • NEW: create /etc/samba/smb.conf.homes.IP files for Pydio, NextCloud and Kopano

  • UPDATE: include smb.conf.shares files for Pydio, NextCloud and Kopano

ld-site-itb

1.5.200527-3

  • NEW: forward to https://ctrl/ to edit wimport_data or to import workstations

ld-upgrade

2.0.200406-01

  • FIX: wget with --no-check-certificate argument

ld-vpn-server

1.3.200522-1

  • NEW: client certificates will be removed