CHANGELOG.md

sys Cookbook Changelog

The format is based on Keep a Changelog.

[2.7.1] - 2024-10-11

Fixed

• [multipath] Service name is multipathd, aliasing to multipath-tools vanishes in Trixie
• [sys_secret] Revert rubocop recommendation for SSL contants – breaks stuff on Debian Buster
• [sys_wallet] Fix namespace confusion between File and Chef::Provider::File

[2.7.0] - 2024-10-10

Added

• [krb5] Wallet client finally enteres official Debian repos as krb5-wallet-client in Trixie
• [fail2ban] Add attribute node['sys']['fail2ban']['logtarget'] to switch syslog logging on and off (see !77)
• [fail2ban] Divert logrotate config for fail2ban when logging to syslog
• [nfs] Add option to enable debugging for rpc.gssd (see !76)

Fixed

• [rsyslog] Small tweak for RHEL platform
• [sys_wallet] Code cleanup

[2.6.0] - 2024-09-02

Added

• [nftables] nftables_rule supports new properties interface_name and outerface_name.

[2.5.0] - 2024-08-12

Added

• [ssh] Add statement to include config snippets from /etc/ssh/sshd_config.d into /etc/ssh/sshd_config. This is part of the default sshd_config starting with Debian Bullseye.
• [x509_certificate] Add new include_chain option to resource. See the documentation and !67
• [ldap] Skip config hash elements with nil values in /etc/nslcd.conf. See 3c1e7de1 for the reasoning behind this option.

[2.4.2] - 2024-07-12

Changed

• Remove version constraint on chef-vault cookbook dependency
• [rsyslog] Don't limit TLS loghost forwarding to Debian >= Buster The resulting setup will not disable TLS on Debian < Buster but braeak the setup :(

[2.4.1] - 2024-05-24

Fixed

• [time] Correct path for ntp drift file

[2.4.0] - 2024-05-22

Added

• Support for Debian Bookworm and preliminary support for Debian Trixie

Changed

• [time] NTP removed in favor of NTPSEC in Debian Bookworm

[2.3.0] - 2024-02-07

Added

• [helpers] Fix verification of systemd units in chroots (by skipping verification) cf. !47

Fixed

• [ldap] Explicitly install libldap-common (where it is available, cf. #43)

Changed

• [helpers] Give credit to cinc in template_header() where it is due
• [systemd] Delete ifupdown interface definitions in a more Cheffy way (that should create backups)

[2.2.0] - 2023-06-26

Changed

• [krb5] Do not use realm when asking for keytabs from wallet server

[2.1.0] - 2023-03-29

Changed

• [rsyslog] Refactor loghost configuration to allow configuration of multiple loghosts with different filters and/or log protocols

[2.0.3] - 2023-03-23

Fixed

• [chef] Don't link /etc/chef to /etc/chef

[2.0.2] - 2023-03-22

Fixed

• [resource::sys_mail_alias]
  • Only converge if the resource actually changed (fixes #40)
  • Don't fail on :remove action if the aliases file does not exist (fixes #39)

[2.0.1] - 2023-03-10

Fixed

• [autofs] Invoke sys_nsswitch the proper way
• [chef] systemd-timer mode requires chef-client >= 12.11
• [ldap] Don't explicitly install libldap-common: Does not exist on Jessie, implicitly installed elsewhere
• [resolv] Do not define an empty default_unless for node['sys']['resolv']['servers']
• [resources/x509_certificate] Gracefully handle load error of chef-vault

[2.0.0] - 2023-03-09

• Support for Debian Bullseye and cinc-client (omnibus)
• Drop dependency on line cookbook
• [chef] Detect ChefUtils::Dist::Infra::SHORT and install to /etc/cinc if appropriate
• [nsswitch] Use new custom resource following accumulator pattern (cf. !32)
• [resource::sys_mail_alias] Replace line resources with Chef::Util::FileEdit

[1.72.2] - 2023-02-28

Added

• [resources/x509_certificate] Add info where keys are coming from to loglevel info.

[1.72.1] - 2023-01-20

Changed

• [libraries/sys_helpers_nftables] Debugging output removed.

[1.72.0] - 2023-01-19

Added

• [libraries/sys_helpers_nftables] Add support for multiple actions in nftables rules.

[1.71.1] - 2023-01-19

Changed

• [chef] Rename service unit to chef-client-oneshot.service when configuring in systemd-timer mode

[1.71.0] - 2023-01-16

Added

• [resource::nftables_rule] Handle unknown protocols

[1.70.1] - 2022-12-10

Changed

• [resource::nftables_rule] handles arbitrary strings correctly

[1.70.0] - 2022-12-09

Added

• [sys::fail2ban] New recipe to install and configure fail2ban

Changed

• [kitchen] Pin net-ssh gem in serverspec test suite installation for Ruby 2.5 compatibility.

[1.69.7] - 2022-12-09

Changed

• [resource::nftables_rule] allows arbitrary strings as source and destination, so that named sets may be used

[1.69.6] - 2022-12-06

Changed

• [resource::nftables] deploys default rules, if no rules are provided.

[1.69.5] - 2022-10-12

Changed

• [sys::apt] ignore_failure when running dpkg --configure -a
  This is a workaround for Stretch→Buster upgrade issues when chef-client is configured for systemd-timer mode : postinst script of chef restarts chef-client.service
  which triggers chef-client run
  which triggers dpkg --configure -a
  which fails because dpkg started the whole thing and is locked

[1.69.4] - 2022-09-20

Fixed

• [sys_x509_certificate] Fix resource name when called from other cookbooks (cf. !52)

[1.69.3] - 2022-09-08

Fixed

• [sys::snmp] Fix snmpd systemd unit startup type (cf !51)

[1.69.2] - 2022-08-10

Added

• [sys::multipath] Add option to disable multipathd service and add test suite

[1.69.1] - 2022-07-19

Changed

• [sys::systemd] documentation update
• [resource::nftables] documentation update
• [resource::nftables_rule] documentation update

Fixed

• [sys::chef] reverted 59794a47a0 due to unexpectedly different lockfile handling of dpkg and apt, replacement with lockfile-check not working due to systemd being too old for ExecCondition

[1.69.0] - 2022-07-07

Added

• [sys::ssl] New custom resource sys_x509_certificate for deployment of SSL certificates

[1.68.0] - 2022-07-05

Changed

• [sys::chef] prevent startup of chef-client.service in systemd-timer mode while dpkg is running.

Fixed

• [sys::snmp] proper systemd detection instead of shaky Debian version heuristic.

Added

• [sys::systemd] Support for configuration of systemd-journald via attributes

[1.67.1] - 2022-06-09

Added

• New Ohai plugin sysctl.rb added to collect information on sysctl settings

[1.67.0] - 2022-06-08

Changed

• Ohai plugin dpkg.rb now extends node['packages']

Removed

• Package information is no longer collected beneath node['debian']['packages']

[1.66.1] - 2022-05-18

Added

• Ohai plugin dpkg.rb now also collects information on architecture and source package name of installed packages

[1.66.0] - 2022-05-05

Changed

• Use a more modern approach for the firewall and firewall_rule resources.
• No attributes to configure the firewall or firewall_rule resources
• No default recipe
• Rename the resources to nftables and nftables_rule.

[1.65.1] - 2022-05-04

Changed

• Revised the README

[1.65.0] - 2022-04-29

Added

• [sys::ssh] Manage /etc/ssh/ssh_known_hosts

[1.64.3] - 2022-04-27

Added

• Ubuntu 20.04 focal added as test platform
• [sys::chef] Detect Chef system installation following the latest Ruby packaging schema on Ubuntu Focal

Fixed

• Improved error handling in sys::accounts

[1.64.2] - 2022-03-28

Added

• Support for Arrays of CIDRs in firewall rules

Fixed

• Firewall rule for outgoing SSH setup

[1.64.1] - 2022-03-28

Fixed

• Firewall ruleq for established connections rearranged

[1.64.0]

Added

• New recipe sys::firewall
• New resource firewall
• New resource firewall_rule
• New attributes for configuring firewall
• Documentation
• Tests

[1.63.1] - 2022-02-28

Changed

• Updated documentation for sys::pam
• Send chef-client output to logfile in systemd-timer mode (!39)
• Shorter PGP key for apt-key test - goodbye fefe (!41)
• Catch missing home dir write permissions in sys_ssh_authorize

[1.63.0] - 2022-02-07

Added

• New recipe sys::linuxlogo for linuxlogo banners in text consoles

[1.62.3] - 2022-02-02

Changed

• Improved setup and testing of systemd-timer and service for chef-client