HISTORY.txt

1.3.9 unreleased

- Docs cleanup after running `make linkcheck` and `make html`.
  [stevepiercy]

- Clean up tests; Remove 4.3 from test suite. All tests now pass on Bionic and Focal.
  [smcmahon]

- Turn loadbalancer_healthcheck off by default.
  Without the tcp check option (unavailable with Python 3), haproxy's health checks work poorly (they consume a thread) and are less reliable.
  [smcmahon]

- Finish up Python 3 compatability by taking care of remaining scripts that were Py 2.7 only.
  [smcmahon]

- Correct ansible-galaxy command in docs
  [djowett]

- Add "tcp-check connect" to haproxy tcp-check sequence.
  Fixes #123.
  Thanks, jid.
  [smcmahon]

- it's 2020 so default to Python 3, disable incompatible z2monitor
  [tkimnguyen]

- Update plone docs and tests for plone_client_tcpcheck on py3.
  [fulv]

1.3.8 2020-02-15

- Test against 5.2.1.
  [smcmahon]

- Use plone server role v. 1.3.8.
  [smcmahon]

- Remove support for Varnish <4.
  [stevepiercy]

- Varnish 4 syntax prefers double quote marks to single.
  [stevepiercy]

- Update hot restart script to work with python3.
  [smcmahon]

- Lots of reST syntax, spelling, grammar fixes.
  [stevepiercy]

- Add support for certbot and Let's Encrypt certficates.
  [stevepiercy]

- Allow Bearer Authorization headers to be used for JWT Token authentication used by plone.restapi.
  [fulv]

- Fix version compare and align with ansible.plone_server.
  [stevepiercy]

1.3.7 2019-07-24

- Set up the multiserver sample with 4.3, 5.1 and 5.2 for a thorough example and test.
  [smcmahon]

- Add python3-specific test file.
  [smcmahon]

- Adapt haproxy httpcheck options to account for the lack of "options" method in waitress.
  [smcmahon]

- Require plone server role 1.3.7, which adds support for Python 3 via specification of plone_python_version variable globally or per Plone instance.
  [smcmahon]

1.3.6 2019-04-02

- Added pre/post restart script command options.
  Documented in docs/restart_script.rst.
  [smcmahon]

- Restart script mechanism didn't work in a multiserver configuration with multiple plones;
  it always addressed the default Plone target.
  Fixed.
  [smcmahon]

- clarify documentation on what can be tested with Vagrant
  [tkimnguyen]

- Update medium sample to use 5.2RC2-pending for test purposes.
  [smcmahon]

- Update roles/munin-node/files/monitors/plonezope_res to work with 5.2+'s slightly different command-line profile for zope clients.
  [smcmahon]

- Port documentation for plone_download_requirements_txt from plone server role.
  [smcmahon]

- Require plone server role 1.3.6.
  Now compatible with Plone 5.2rc2-pending with Python 2.7.
  [smcmahon]

- Update use of "apt" for Debian to avoid with_items, which has been deprecated for package handling.
  [smcmahon]

1.3.5 2018-09-25

- Skipped 1.3.3 and 1.3.4 tags to synchronize with plone server role.
  [smcmahon]

- Require plone server role 1.3.5.
  [smcmahon]

1.3.3 unreleased

- Fix for configuration of tcpcheck port broke if client count wasn't specified in the individual config.
  Fixed.
  [smcmahon]

- haproxy health check warning tested wrong version.
  [smcmahon]

- Automated configuration of the tcp check port wasn't working for multiple plones.
  Deliberately specified ports on a plone-by-plone level was working.
  Fix requires matching plone server role.
  [smcmahon]

1.3.2 unreleased

- Check compilability of default.vcl before varnish starts/restarts.
  Halt if that fails.
  [smcmahon]

- Run configtest on nginx before restarting.
  Halt if that fails.
  [smcmahon]

- Drop Trusty and CentOS7 from tested environments.
  They no longer have Pythons current enough for Plone 5.1.x.
  (They're still fine for earlier versions of Plone.)
  [smcmahon]

- Fixed problems with Varnish not restarting on bionic.
  [smcmahon]

- Update plone server role to v 1.3.2.
  [smcmahon]

- Update samples to 5.1.2.
  [smcmahon]

- Update Ansible version requirement to 2.5.0.
  Fixes #112.
  [smcmahon]

1.3.1 2018-07-07

- Make bionic the default Vagrant test platform.
  [smcmahon]

- Update samples to use Plone 5.1.1.
  [smcmahon]

- Update to plone server role v 1.3.1.
  [smcmahon]

- Add munin_node_extra variable.
  [smcmahon]

- Add proxy_cache_block_basic_auth variable that may be used to control blocking of HTTP authentication by Varnish.
  [smcmahon]

- Restart script didn't know how to use a custom plone_target_path unless there were multiple plone playbooks."
  [smcmahon]

1.3.0 2018-03-10

    **Before you update***: If you're using version 1.2.x, you should note that version 1.3.0+ sets up client monitors for each ZEO client.
    These monitors will use the client port + 100.
    haproxy will use these monitor ports as a mechanism to check ZEO client status without using an http thread.
    See ``tcpcheck`` variables in the documentation for plone setup if you wish to alter or turn off this feature.

- Use plone server role 1.3.0.
  [smcmahon]

- Use five.z2monitor facilities to configure health check ports.
  plone_client_tcpcheck and plone_client_tcpcheck_port control this.
  See http://hvelarde.blogspot.com/2017/12/we-have-been-doing-health-checks-wrong.html for an excellent writeup on why this is a much better idea than http checks.
  Thanks, hvelarde!
  Note that this requires plone role v 1.3.0+.
  [smcmahon]

1.2.25 2018-03-06

- Use plone server role 1.2.25, which has Plone 5.1.0 for its default.
  [smcmahon]

1.2.24 2018-02-27

- Use plone server role 1.2.24.
  [smcmahon]

- Update jnv.unattended-upgrades to v1.5.0.
  [smcmahon]

- fail2ban install was failing on hosts with no /etc/fail2ban/jail.d directory (after the fail2ban package install). Fixed.
  [smcmahon]

- Remove dependency on anxs.hostname.
  [smcmahon]

1.2.23 2018-02-20

- Require plone_server 1.2.23.
  [smcmahon]

- Add loadbalancer_listen_extra variable to offer more flexibility in haproxy configuration.
  [smcmahon]

- Add a virtualhosting variable `location_subfolder` that allows VHM "inside-out" hosting.
  [tkimnguyen]

- Copy plone_buildout_cfg setting note from plone role to main docs.
  [smcmahon]

- Add a note to the very-small-server example about problems building with limited RAM.
  [smcmahon]

- Copy missing-python warning from README to intro.
  [smcmahon]

1.2.22 2017-12-12

- Do some doc cleanup for the plone_buildout_cfg option.
  [smcmahon]

- Changed logwatch role modules to give us Debian 9 (stretch) compatability.
  [smcmahon]

- Use plone_server 1.2.22.
  [smcmahon]

1.2.21 skipped

1.2.20 2017-11-12

- Using jinja2 filters in with_items now requires "{{ ... }}}" quoting.
  This broke the firewall playbook.
  Fixed.
  [smcmahon]

- With Ansible 2.4.1.0, a negative result value for ansible_selinux changed from boolean to a dict.
  Adjusted tests for selinux while maintaining backward compatability.
  [smcmahon]

- Use plone_server 1.2.20.
  [smcmahon]

1.2.19

- Use plone role version 1.2.19 to pick up PyPI https fix.
  [smcmahon]

- 2017-04-07 VCL fix broke vcl < 4 (e.g., trusty). Fixed.
  [smcmahon]

- Add loadbalancer_healthcheck option to haproxy setup.
  Refactor loadbalancer_options to go into haproxy's default_server setting.
  [smcmahon]

- The new fail2ban role (added in 1.2.15) would not work with older versions of jail.conf that set up an ssh jail rather than sshd.
  [smcmahon]

- Audit module would fail if no instance name was set.
  [smcmahon]

1.2.18 2017-06-25

- Use plone_server role tag 1.2.18.
  [smcmahon]

- Add default values for a template that use plone_instance_name.
  roles/restart_script/templates/restart_if_hot.py.j2
  [ramiroluz]

- Make virtual host aliases work as expected by using $host rather than $server_name in nginx host files and with matching selection logic in varnish default.vcl.
  [smcmahon]

- Clarify certificate files process (#73)
  [stevepiercy]

- Add audit role to catch unmaintained nginx or supervisor configuration files.
  [smcmahon]

1.2.17 2017-05-25

- Document need for Python 2.7.x to be activated in Xenial+.
  Fixes #82.
  [smcmahon]

- Use Plone 5.0.7 in samples.
  [stevepiercy]

- Make client_max_body_size work either globally or in virtual host blocks.
  [smcmahon]

- Add proxy_cache_vcl_extra variable that allows the addition of miscellaneous VCL to the varnish default.vcl file.
  [smcmahon]

- Add a new option plone_hot_monitor that may be set to `superlance` or `cron`.
  `superlance` is the default.
  If `cron` is specified, a cron script will run twice an hour to restart if memory use is hot.
  [smcmahon]

- Add a script that will restart a client using the single-client restart script (thus getting cluster-maintenance and cache-warming features) if it's using too much memory.
  [smcmahon]

- Move to plone_server role v 1.2.17.
  [smcmahon]

- Document restart script; add single-client restart script; add warm_path option.
  [smcmahon]

- Logwatch role: check for new update notification was too specific. Fixed.
  [smcmahon]

1.2.16 2017-04-24

- Make update-notifier work in logwatch on Xenial.
  [smcmahon]

- Cleanup motd formatting.
  [smcmahon

- Munin-node: Add and use varnish4_ plugin if using varnish4.
  [smcmahon]

- Munin-node: use haproxy_ng when available.
  [smcmahon]

- Add logwatch_ignore variable to set contents of logwatch's ignore.conf file.
  [smcmahon]

- Use plone role 1.2.16. Advance playbook version to match.
  [smcmahon]

1.2.15 (never released)

- Updated the Makefile to use "virtualenv -p python2.7" instead of "virtualenv-2.7"
  [pigeonflight]

- Implement our own fail2ban role which will run on debian and redhat families.
  [smcmahon]

- Our munin-node plugin for plone/zope RSS needs to distinguish instances.
  [smcmahon]

- Clean up restart script a bit. It was unnecessarily noisy.
  [smcmahon]

- The varnish default.vcl we generate had a logical error that would cause it to use the primary server incorrectly in some cases where multiple plones were installed and multiple hostnames in use. Fixed.
  [smcmahon]

- Allow myhostname in Postfix to be set to something other than the inventory hostname via a mail_hostname variable.
  [smcmahon]

- Change version to match up with plone_server.
  [smcmahon]

1.2.14 (unreleased)

- Very old nginx does not have the ssl_session_tickets parameter.
  So, don't use it if nginx is old.
  [smcmahon]

- Use plone_server 1.2.15.
  [smcmahon]

- Use plone_server 1.2.14.
  [smcmahon]

- motd was not picking up correct paths when using multiple plones. Fixed.
  [smcmahon]

- Remove uses of jinja2 "truncate", which has stopped working as advertised.
  [smcmahon]

- Add mechanisms to control SSL variables like protocols and ciphers.
  Add http2 support.
  All documented in docs/webserver.rst.
  [smcmahon]

- Add mailserver_maincf_extras option for Postfix setup.
  [smcmahon]

- Add logwatch for plone errors; add vsz and rss to supervisor process list watch.
  [smcmahon]

1.2.13 2016-10-07

- We want plone_server 1.2.13.
  [smcmahon]

1.2.12 unreleased

- Turn of ssh strict host checking by Ansible in generated Vagrant vbox_host.cfg.
  [smcmahon]

- Postfix "mydestination" parameter was incorrect, blocking local mail. Fixes #50.
  [smcmahon]

- Use plone server role 1.2.12.
  [smcmahon]

- Use Plone 5.0.6 in samples.
  [smcmahon]

- Add a provisioning mechanism that creates vbox_host.cfg during vagrant provisioning.
  This makes it easier to use Ansible directly against the newer generation of Vagrant boxes that don't have insecure keys.
  Since vbox_host.cfg is now dynamically generated, remove it from distribution.
  [smcmahon]

- Use subroutines to keep vcl_recv shorter in Varnish vcl.
  [gforcada]

1.2.11 2016-09-22

- Use plone server role 1.2.11.
  [smcmahon]

1.2.10 2016-08-18

- Use plone server role 1.2.10. Update ansible.fail2ban to 1.5.0.
  [smcmahon]

- Remove misleading comment.
  [gforcada]

1.2.9 (unreleased)

- Test cleanups.
  [smcmahon]

- Document use of ansible_ssh_pipelining in plone role.
  [smcmahon]

- Set selinux varnishd_connect_any to true on RedHat. Otherwise, Varnish can only connect to 8080.
  [smcmahon]

- Use plone_server role 1.2.9. Update to use Plone 5.0.5.
  [smcmahon]

- Add location_extra webserver option. Fixes #35.
  [smcmahon]

- Always run Ansible version check.
  [djowett]

- Add a git fork maintenance strategy example to docs.
  [smcmahon]

- Updated Postfix role to limit mydestination setting to localhost. Otherwise it would not be able to mail to its own hostname, even if that hostname had another MX.
  [smcmahon]

- Doc update to clarify platform support. Fixes #42.
  [smcmahon]

1.2.8 2016-04-25

- Use plone server 1.2.8.
  [smcmahon]

- Establish a STABLE branch to clearly separate the last-released branch from the development branch (master).
  [smcmahon]

- Split os-family-specific plays into separate include files in roles.
  [cleberjsantos]

- Update samples to use Plone 5.0.4.
  [smcmahon]

- Document several variables related to plone site creation. Fixes #74.
  [smcmahon]

1.2.7 2016-03-28

- Port doc updates from plone_server role.
  [smcmahon]

- Use plone_server 1.2.7.
  [smcmahon]

- Use "become" rather than "sudo".
  [smcmahon]

- We need Ansible >= 2.0.
  [smcmahon]

- Document plone_rsync_backup_options (from plone_server 1.2.7).
  [smcmahon]

1.2.6 2016-03-13

- Document plone_buildout_extra_dir (from plone_server).
  [smcmahon]

- Update to use plone_server role 1.2.6.
  [smcmahon]

- Switch to using requirements.yml (rather than requirements.txt).
  [smcmahon]

- Turn on SELinux haproxy_connect_any and httpd_can_network_connect when selinux is enabled.
  [jpgimenez]

- Relicense as BSD-3-Clause.

1.2.5 2016-01-24

- Require plone_server role v 1.2.5.

- Regularize handling of enables on CentOS with Ansible's service module.
  [smcmahon]

- Set empty dict defaults for unused plone_config items to work around unneeded evaluation of "count" in with_sequence in Ansible 2.0.
  [smcmahon]

- Make sure added services are enabled via systemctl. Several CentOS packages don't do that on install.
  [smcmahon]

- Add reboot to tests. Only what survives a reboot is real.
  [smcmahon]

- Add CentOS 7.1 as a viable target. fail2ban not yet done.
  [fulv, smcmahon]

- Specifying the "file" cache method did not work with Varnish 4. Fixed.
  [smcmahon]

1.2.4 2015-01-10

- Use plone_server 1.2.4; make default Plone version 5.0.2.
  [smcmahon]

1.2.3 unreleased

- Use plone_server 1.2.3.
  [smcmahon]

- Instance path fouled up for three-decimal versions. Thanks, oggers.
  [smcmahon]

- Backport fulv's plone.org branch addition of authomatic to preserved cookies default in varnish role.
  [smcmahon]

- Add initial support for CentOS
  [fulv]

1.2.2 2015-12-08

- Requirements update to plone_server 1.2.2 (hotfix 20121208)
  [smcmahon]

- Add nginx default_server option in virtual host specification.
  [smcmahon]

- Fix errors in restart script and motd that would cause them to fail for virtual hosts with no zodb path. Error was added in 1.2.0.
  [smcmahon]

- Fix backend port error in small & very small examples.
  [smcmahon]

1.2.1 2015-12-02

- Advance Plone role requirement to 1.2.1.
  [smcmahon]

- Change varnish to run as varnish:varnish rather than nobody:nogroup. Does anybody like nobody?
  [smcmahon]

- Add mechanism for specifying already placed certificate files for nginx.
  [smcmahon]

- Add support for Debian Jessie and Ubuntu Vivid. This includes Varnish 4.0.x.
  [smcmahon]

- Improved test framework to automate tests of multiple boxes.
  [smcmahon]

1.2.0 2015-11-15

- Add test framework.

- Refactor to allow multiple plone instances per server. Document.
  Involved changes in several included roles.
  Requires plone.plone_server 1.2.0+.

1.1.3 unreleased

- Fix firewall.yml to work without configure.yml.

- Refactor haproxy and varnish roles to allow support for multiple Plone backends.

- Factor all defaults into roles or jinja2 default filters.
  The goal is to make Ansible's inventory variables scheme work as an alternative to local-configure.yml.

1.1.2 2015-10-13

- Set client_max_body for nginx to 2M, allow override.

- Fail if Ansible version is < 1.2. We might work with earlier,
  but haven't tested.

- Updated plone.plone_server requirement to 1.1.3.
  Version for the full kit updated to match.

1.1.1 2015-07-28

- Updated plone.plone_server requirement to 1.1.1.
  Version for the full kit updated to match.

- Add a task to set the timezone.

1.0 -2015-06-15

- Update ansible galaxy requirement versions to latest.

- Add restart_script role. It creates a zeocluster restart script
  at zeocluster/scripts/restart_clients.sh.

- Update to use Plone 4.3.6.

1.0b5 - 2015-01-27

- Bump plone_server requirement version.

1.0b4 - 2015-01-07

- Add X-Forwarded-For and X-Real-IP headers to Nginx setup.

1.0b3 - 2014-12-17

- Update plone_server role requirement to 1.0b6, which has a fix for bootstrap/setuptools problem.

1.0b2 - 2014-12-08

- Update for use with plone_server 1.0b5.

1.0b1 - 2014-12-03

- first tagged release